How to Use htaccess File to Secure and Control Redirection
The htaccess file is the control room for your website that contains essential rules that complete all communication with your web hosting server. The .htaccess is an important core file often used to add, modify, and override server-level configurations, security, and redirect parameters.
In most cases, you can resolve server level operational issues and challenges by simply updating/changing the rules in the htaccess file. However, many website owners are unaware of this file’s actual potential and miss out on optimizing their servers (and websites) to the fullest.
To help all such WordPress site, I will highlight several interesting things you could accomplish by using the htaccess file in wordpress.
If NGINX & Apache for running your sites, you will see no htaccess file as it on hidden mode by default. But, if your site is hosted on Apache Web Server, you will find the htaccess file in the root directory public_html folder.
To access your .htaccess file, connect your server via FTP Client like FileZilla & go to your application root folder.
WordPress .htaccess Redirects
You can use the .htaccess file in WordPress to control website redirects. below key points are help you set up and control redirections on websites.
301 Redirect
The 301 Redirect tells search engines that a URL has been permanently moved to another url. We can also redirect a folder, page, or even a complete website. The following snippet will redirect the old-page.html to new-page.html
Redirect 301 /old-page.html https://www.yourwebsite.com/new-page.html
302 Redirect
The 302 Redirect tells search engines that the redirection is temporary. Using 302 redirect helps you slow down shuffles.
Redirect 302 /old-page.html http://www.yourwebsite.com/new-page.html
Force URL to www
Write .htaccess rule in website will force all the visitors on example.com to use www.example.com
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]
Force URL to non-www
Write .htaccess rule will force all visitors on www.example.com to use example.com
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.example.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
Force HTTPS
Write .htaccess file will force all your visitors to use HTTPS instead of HTTP for all URLs.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Restrict Access to WordPress Admin Panel
If someone got access to your WordPress admin pages, they can do whatever they want to do and even they shutdown/remove your whole website.
To prevent this, you should restrict access to the WordPress admin panel to specific IP(s) address only.
# Limit logins and admin by IP
<Limit GET POST PUT>
order deny,allow
deny from all
allow from xx.xx.xx.xx
#whitelist Farhan’s IP Address
</Limit>
Disable PHP Execution
Restricting the execution of PHP code for selected directories of your site is a critical WordPress website. Create a .htaccess file inside a folder where you don’t want to run PHP scripts, and add the snippet below.
<Files *.php>
deny from all
</Files>