How to find and edit an .htaccess file in WordPress (cPanel)

Share with others

Have you ever wondered what an .htaccess file is and why it is important for your WordPress website? If you are a beginner, you might not be familiar with this file and how to edit it. But don’t worry, we are here to help you.

This is a comprehensive guide where we will explain what an .htaccess file is, how to find it, and how to edit it using cPanel. We will also show you some examples of how to use the .htaccess file to improve your website’s performance, security, and functionality.

Let’s begin!

What is an .htaccess file?

A featured image with WordPress logo showing editing files

An .htaccess file is a configuration file that controls how your web server handles requests to your website. It stands for “hypertext access” and it is a hidden file that is usually located in the root directory of your website. The .htaccess file can be used to perform various tasks, such as:

  • Redirecting users to different URLs
  • Enabling or disabling features such as caching, compression, and password protection
  • Setting rules for accessing specific files or directories
  • Blocking or allowing access from certain IP addresses or user agents
  • Customizing error pages and messages

The .htaccess file is very powerful and flexible, but it can also be very complex and risky. If you make a mistake in editing the .htaccess file, you might break your website or expose it to hackers. Therefore, you should always be careful and backup your .htaccess file before making any changes.

How to find the .htaccess file in WordPress via cPanel

A featured image with computer screen showing dangerous files illustration

To find the .htaccess file in WordPress, you need to access your website’s files using a file manager tool. One of the most common and easy ways to do this is to use cPanel, which is a web hosting control panel that allows you to manage your website’s files, databases, email accounts, and more. Here are the steps to find the .htaccess file in WordPress/cPanel:

  1. Log into your hosting account and go to cPanel. You can usually access cPanel by adding /cpanel to the end of your website’s URL, such as
  2. In cPanel, look for the Files section and click on File Manager. This will open a new window where you can browse and edit your website’s files.
  3. In File Manager, make sure that you can see hidden files. To do this, click on the Settings button at the top right corner and check the box that says Show Hidden Files (dotfiles). Then, click Save.
  4. In File Manager, navigate to the root directory of your website. This is usually the public_html folder, where you can find all the files and folders of your WordPress installation. If you have multiple websites on the same hosting account, you might need to open the folder that corresponds to the domain name of the website you want to edit.
  5. In the root directory, look for the .htaccess file. It should be among the files that start with a dot, such as .htpasswd, .user.ini, and .wp-config.php. If you don’t see the .htaccess file, it means that it has not been created yet. You can create one by clicking on the + File button at the top left corner and naming it .htaccess.

How to edit the .htaccess file in WordPress from cPanel

Proceed with caution: Before making any changes to .htaaccess file, we encourage you to backup your file. Incase anything goes sideways, you can always restore the .htaaccess file to fix the website.

Once you have found the .htaccess file, you can edit it using the built-in editor in File Manager. Here are the steps to edit the .htaccess file in WordPress/cPanel:

  1. Right-click on the .htaccess file and select Edit. This will open a new window where you can see the code of the .htaccess file. You might see a warning message that says “Editing this file may cause errors on your site. Are you sure you want to edit this file?” Click on the Edit button to proceed.
  2. In the editor window, you can add, modify, or delete the code of the .htaccess file. You can use the toolbar at the top to undo, redo, cut, copy, paste, find, replace, and save your changes. You can also use the line numbers and the syntax highlighting to help you write the code correctly.
  3. When you are done editing the .htaccess file, click on the Save Changes button at the top right corner. This will save your changes and close the editor window. You can also click on the Cancel button if you want to discard your changes and close the editor window.
  4. In File Manager, you can refresh the page to see the updated .htaccess file. You can also test your website to see if the changes have taken effect and if everything is working properly.

Examples of how the .htaccess file is used

A person working on a computer website

Now that you know how to find and edit the .htaccess file in WordPress/cPanel, you might be wondering what you can do with it. Here are some examples of how to use the .htaccess file to improve your website’s performance, security, and functionality:

  • Redirect users to HTTPS: If you have an SSL certificate for your website, you can use the .htaccess file to redirect users from HTTP to HTTPS. This will make your website more secure and improve your SEO ranking. To do this, add the following code to the top of your .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  • Enable GZIP compression: GZIP compression is a technique that reduces the size of your website’s files, such as HTML, CSS, and JavaScript. This will make your website load faster and save bandwidth. To enable GZIP compression, add the following code to your .htaccess file:
<IfModule mod_deflate.c>
  # Compress HTML, CSS, JavaScript, Text, XML and fonts
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/rss+xml
  AddOutputFilterByType DEFLATE application/
  AddOutputFilterByType DEFLATE application/x-font
  AddOutputFilterByType DEFLATE application/x-font-opentype
  AddOutputFilterByType DEFLATE application/x-font-otf
  AddOutputFilterByType DEFLATE application/x-font-truetype
  AddOutputFilterByType DEFLATE application/x-font-ttf
  AddOutputFilterByType DEFLATE application/x-javascript
  AddOutputFilterByType DEFLATE application/xhtml+xml
  AddOutputFilterByType DEFLATE application/xml
  AddOutputFilterByType DEFLATE font/opentype
  AddOutputFilterByType DEFLATE font/otf
  AddOutputFilterByType DEFLATE font/ttf
  AddOutputFilterByType DEFLATE image/svg+xml
  AddOutputFilterByType DEFLATE image/x-icon
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE text/javascript
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE text/xml

  # Remove browser bugs (only needed for really old browsers)
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4\.0[678] no-gzip
  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
  Header append Vary User-Agent
  • Set browser caching: Browser caching is a technique that tells the browser to store some of your website’s files locally, such as images, icons, and fonts. This will make your website load faster and reduce server load. To set browser caching, add the following code to your .htaccess file:
<IfModule mod_expires.c>
  # Enable expirations
  ExpiresActive On

  # Default directive
  ExpiresDefault "access plus 1 month"

  # My favicon
  ExpiresByType image/x-icon "access plus 1 year"

  # Images
  ExpiresByType image/gif "access plus 1 month"
  ExpiresByType image/png "access plus 1 month"
  ExpiresByType image/jpg "access plus 1 month"
  ExpiresByType image/jpeg "access plus 1 month"

  # CSS
  ExpiresByType text/css "access plus 1 month"

  # Javascript
  ExpiresByType application/javascript "access plus 1 year"
  • Protect your wp-config.php file: The wp-config.php file is one of the most important files in your WordPress installation, as it contains your database credentials and other sensitive information. You can use the .htaccess file to deny access to this file from anyone except yourself. To do this, add the following code to your .htaccess file:
<files wp-config.php>
  order allow,deny
  deny from all
  • Block an IP address: If you want to prevent a specific IP address from accessing your website, you can use the .htaccess file to block it. This can be useful if you are facing spam, hacking, or other malicious attacks from a certain source. To block an IP address, add the following code to your .htaccess file, replacing 123.456.789.0 with the IP address you want to block:
<Limit GET POST>
  order allow,deny
  deny from 123.456.789.0
  allow from all

These are just some of the examples of how to use the .htaccess file to improve your website’s performance, security, and functionality.

Of course, there are many more things you can do with the .htaccess file, depending on your needs and preferences. You can find more in our .htaaccess guides section.

We hope this article has helped you understand how to find and edit the .htaccess file in WordPress using cPanel. If you have any questions or feedback, feel free to leave a comment below.

Share with others

Abdullah, AKA "abdugeek," is a computer scientist turned tech writer and certified Growth Hacker. He has a versatile entrepreneurial mindset and is well-versed in the digital world with passion for animals, particularly fish. Founder of multiple digital startups in technology sector, he's constantly pushing boundaries and seeking new opportunities. Follow him on social media or learn more about him on his website.

Articles: 29

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.