WordPress .htaccess File: Complete Guide 2026

Published April 21, 2026

WordPress .htaccess File Guide

The .htaccess file is a server configuration file that Apache reads on every request. WordPress uses it primarily for permalink routing, but it also controls redirects, security, and performance settings.

Default WordPress .htaccess Content

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

This tells Apache to pass all requests that are not real files or directories to WordPress's index.php, enabling pretty permalinks.

Regenerating .htaccess

If your .htaccess gets corrupted, go to Settings → Permalinks and click Save Changes. WordPress will regenerate the default rules automatically.

Common .htaccess Customizations

Force HTTPS:

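# Place above the "# BEGIN WordPress" block so it runs before the index.php catch-all
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]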

Block XML-RPC (if not needed):

<Files xmlrpc.php>
  # Apache 2.4+ syntax; Apache 2.2 uses "Order deny,allow" and "Deny from all"
  Require all denied
</Files>

Protect wp-config.php:

<Files wp-config.php>
  # Apache 2.4+ syntax; Apache 2.2 uses "Order deny,allow" and "Deny from all"
  Require all denied
</Files>
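
A quick way to confirm a site's .htaccess actually carries the rules covered above, as an added example that is not part of the original guide or of WordPress itself: a small Python audit that checks the WordPress block, the position of the HTTPS redirect, and the two <Files> deny blocks. The function name, the finding labels and the sample file are assumptions made for illustration. It flags "Order deny,allow" / "Deny from all" as legacy because that is Apache 2.2 syntax, which Apache 2.4 accepts only through mod_access_compat.

```python
import re

# Constructed sample .htaccess for illustration (not taken from a real site).
SAMPLE = """\
<Files wp-config.php>
  Order deny,allow
  Deny from all
</Files>
# BEGIN WordPress
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
"""

FILES_BLOCK = re.compile(r'<Files\s+"?([^">\s]+)"?\s*>(.*?)</Files>', re.I | re.S)

def audit_htaccess(text, protected=("wp-config.php", "xmlrpc.php")):
    """Return a sorted list of findings (hypothetical labels) for the guide's rules."""
    findings = []
    begin = text.find("# BEGIN WordPress")
    end = text.find("# END WordPress")
    if begin == -1 or end == -1 or end < begin:
        findings.append("wordpress-block-missing-or-broken")
    # The HTTPS redirect must come before the WordPress catch-all to index.php.
    https = re.search(r"^[ \t]*RewriteCond\s+%\{HTTPS\}\s+off\b", text, re.I | re.M)
    if https is None:
        findings.append("https-redirect-missing")
    elif begin != -1 and https.start() > begin:
        findings.append("https-redirect-after-wordpress-block")
    # Map each <Files name> block to its body, then check that it denies everyone.
    blocks = {name.lower(): body for name, body in FILES_BLOCK.findall(text)}
    for name in protected:
        body = blocks.get(name)
        if body is None:
            findings.append(f"unprotected:{name}")
        elif re.search(r"^[ \t]*Require\s+all\s+denied\s*$", body, re.I | re.M):
            continue  # Apache 2.4 authorization syntax, nothing to report
        elif re.search(r"^[ \t]*Deny\s+from\s+all\s*$", body, re.I | re.M):
            findings.append(f"legacy-2.2-syntax:{name}")
        else:
            findings.append(f"files-block-does-not-deny:{name}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_htaccess(SAMPLE)))
```
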

Important Rules

Note: SiteICO uses FrankenPHP (Caddy-based), not Apache, so .htaccess rules are not applicable. Performance and security rules are configured at the server level automatically.