.htaccess is a configuration file and how Apache servers handles requests as defined in .htaccess file and defined htaccess rewriting rules. Generally speaking a web server takes a URL that references or locations of a file in the server’s document file system and loads particular file then and then processes the declared .htaccess rewriting rules mapping the content or files in it to generate HTML sent back when user browse website.
Aimed at WordPress files such as wp-login.php and that’s exactly how the login screen is generated in WordPress. When presented with a pretty permalink such as example.com/2012/somecategory/somepost, the web server just needs to load the main loop of WordPress so that the core code can parse the URL and turn it into a database query that finds a post with the title somefold in the category somecateogory as example taken here.
Unlike a static website where you would have created a file with that name, WordPress stores its content in a database only a few files are loaded directly when you declare .htaccess Rewriting Rules.
The WordPress permalink mechanism is summarized in three htaccess rewriting rules added to the .htaccess file when you enable permalinks the default .htaccess file will be generated once after you open and save settings or enable settings in permalinks:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [ L]
Fairly, the above declared RewriteCond and RewriteRule these rules will check the URL used to access your site to see if it mentions or refers to an existing file or directory in the filesystem hierarchy.
Related Coverage:
1. What is htaccess file in WordPress and its Uses
2. How to Do HTTP 301 Redirect SEO Http 301 WordPress htaccess File
3. What are Permalinks in WordPress: How to Enable, Customize Permalink Tags
4. How to Increase PHP Memory Limit WordPress
5. Complete list of Http Status Codes Error Responses in Detail
The !-f and !-d notations are negations; .htaccess is ensuring that the URL does not refer to any valid file or directory pathname and if the URL does, in fact, match a valid file i.e for example, a WordPress administrative function such as wp-login .php then no rewriting is done and the web server tries loading that file (to execute the PHP code contained within).
If there’s no file or directory at the path specified by the supplied URL, then the incoming URL is rewritten to index.php file, invoking the core of the WordPress system.
The simple check for whether a file or directory exists can have accidental or unintended side effects if you put non-WordPress web server content in the same directory structure as the WordPress code.
For example, lets consider a directory of images as a peer directory of wp-content: example.com/wp-content and example.com/images. You might choose to bypass the WordPress media library because those images are managed by their own set of consume processes.
Wrong URL Points to a nonexistent file?
The .htaccess rewriting rule will be fired because there is no such file or directory with that name and then WordPress core will be started to execute. A user expecting to see an image will instead get the default WordPress site content when they should have received a 404 error for a nonexistent URL.
If you are going to add directories around your WordPress installation, either place WordPress in its own sub-directory (example.com/WordPress) or add a rewrite rule to .htaccess that recognizes and detect changes that you have added peer directories and immediately handle those URLs off to the web server:
RewriteRule ^images/(.*) images/$1 [L]
These .htaccess rule effectively says that, “Take any URL that starts with the component images, and pass it off to the web server.” The [L] directive means “stop processing after matching this rule” and the rewrite itself simply echoes back what it was passed.
If you’re going to have a few directories sitting in parallel with the WordPress installation, you’ll need one rewrite rule for each.
The .htaccess file can also manage URL redirects as well. If you change your About page from
http:// example.com/about
to
http://example.com/about-me
Anyone who visits your original URL will hit a 404 page. A URL redirect will redirect from the old URL to the new URL so your visitors won’t get lost.
This also triggers search engines about the new URL so they can update their search index and rank accordingly.
Example of htaccess Rewriting Rules 301 Redirect to a Page
Following is an example of a 301 permanent redirect to a static page:
redirect 301 /about http://example.com/about-me
WordPress does some additional rewriting and cleanup of URLs to improve search engine results.
Configuring with htaccess Rewriting Rules file in WordPress
The .htaccess file is very powerful and can control more than just URL structure. For instance, you can control PHP configuration options using the .htaccess file as-well and to increase the memory allotted to PHP use this line:
php_value memory_limit 64M
This increases the memory limit in PHP to 64 MB. You can also increase the max file size upload and post size also by defining as below:
php_value upload_max_filesize 20M
php_value post_max_size 20M
Now, the maximum file size you can post from a form and upload is set to 20 MB. Most hosting companies set these values to around 2 MB by default, so these are settings that will be used often for larger file uploads.
Not all hosting companies will allow these values to be set in your .htaccess file, and they could create an error on your website if that is the case.
Restrict Login with IP Address by Declaring htaccess
The .htaccess file can also be used for security purposes to make website secure. Using .htaccess Rewriting Rules allows you to restrict access to your website by IP address and allow via ip address login as well, basically locking it down from anonymous visitors login. To lock down your website by IP addresses, add the following code to your .htaccess file:
AuthUserFile /staging/null
AuthGroupFile /staging/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
#IP address to whitelist
allow from xxx. xxx. xxx. xxx – you need to remove spaces after dot.
Make sure that you replaces xxx. xxx .xxx .xxx with your any IP address that you want them to login. By adding ip address it will allow them to login to your website.
You can have multiple allow from lines so add as many IP addresses as you need. This allows access to your website only if you are using an IP address defined here.
A more widely used option is to lock down your wp-admin directory. This means that only IP addresses you specify can access your admin dashboard URLs.
This makes it much harder for anyone else to try to hack your WordPress back end. To accomplish this, create a separate .htaccess file in your wp-admin directory with the preceding code.
Enable error logging by htaccess Rewriting Rules file
You can also enable error logging from the .htaccess file. The initial step is to create a php-errors.log file in your WordPress root directory. Then add the following code to your .htaccess file to enable error logging:
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
php_flag log_errors on
php_value error_log /public_html/php-errors.log
This enables error logging but suppresses any error messages from displaying. Again this is a perfect setup for a production environment because you don’t want errors publicly displayed.
You can have multiple .htaccess Rewriting Rules redirects as well in .htaccess file, subfolder to another folder, http to httpS redirections and regular express redirections and many more