A .htaccess file is a distributed configuration file that’s present not just in WordPress, but in all Apache web hostings. .htaccess files can be used to boost your website’s performance, security and usability. A few features that you can enable or disable using a .htaccess file include server signature, file caching, URL redirection, password protection and custom error pages.

WordPress installations may or may not contain the .htaccess file in the root directory, depending on your permalink structure; while a default ‘ugly’ permalink structure comes sans .htaccess, a pretty permalink structure auto creates a .htaccess file in your WordPress. In case you’re using default WordPress settings (read an ugly permalink structure), it is highly advisable to change it to a pretty permalink structure. Now assuming that you want to enable default pretty permalinks, create a new notepad file and rename it to .htaccess (not .htaccess.txt). Include the following basic code in the file:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L] </IfModule>
# END WordPress

Save the changes and upload the file to your WordPress root directory using FTP.

Protect your .htaccess File

To protect your .htaccess file from external users and to tighten website security, it is recommended to add the following code to the .htaccess file:

<Files .htaccess>
order allow,deny
deny from all
</Files>

While making any modification to your .htaccess file, it is important to remember that even a tiny error in the .htaccess file can cause a major issue on your website, so much so you might even end up disabling your entire server with one simple typo. Hence, it is advisable to make a backup of your .htaccess file before making any changes to it. This way, if something goes wrong, you can always revert to the backup version of the file. Alternatively, you can opt for a WordPress security plugin like MalCare which comes with a Site Hardening feature. There you can disable file editor that will block anyone who gains access to your site from modifying anything on the .htaccess file.