Codeable info

Edit Your .htaccess File In Your WordPress Dashboard With WP Htaccess Editor

Posted on by in Blog

The most common way of editing the .htaccess file is via the hosting file manager or using a text editor on your computer and then overwriting the file afterwards. If you prefer to do everything via your WordPress admin area, you may want to consider installing the WP Htaccess Editor WordPress plugin.

Once installed, you can edit your .htaccess file directly in your admin area. This is useful if you edit your .htaccess file on a regular basis (for example, for setting up link redirects).

The plugin also has a useful backup facility. When you select the backup option it creates a copy of your .htaccess file in your wp-content folder. It also gives you the option to download the file directly to your computer. If anything goes wrong you will probably have to revert htaccess via your host file manager or directly via FTP so it’s prudent to keep a copy to save a copy on your computer as well.

There’s not really much to WP Htaccess Editor. It does exactly what it promises it will do and does it well. I don’t recommend using this unless you are very experienced with editing the htaccess file as it is a very temperamental file. For example, by placing just one character in the wrong place you can totally disable your own site. Experienced website owners will find this useful for making quick edits though. Gennady also raised a good point about this plugin being a security risk. If someone was able to gain access to your WordPress website they would be able to compromise your site as well as others on the server.

Taking these points into consideration, it was wise to always update your htaccess via FTP.


Link: WP Htaccess Editor

Codeable info

Comments (8)

Comment by WasifIftikhar says:

Dear i want to integrate my web site user with wp data bases user.mean my web site user can login on wp site.can it possible?

Comment by soulseekah says:

@wpverse Why give an attacker such a huge opportunity to compromise the whole server once they’re in? Bad idea, no? Commented on the post.

Comment by wpverse says:

@soulseekah do you mean the .htaccess file? It’s definitely for advanced users.

Comment by Kevin Muldoon says:

@Gennady I agree. It’s a big risk if other websites on the server can be affected as well. I’ll update my post to reflect this.

Comment by Gennady says:

@Kevin Muldoon If you’re running one site on shared hosting, yes, I wouldn’t worry about it too much. But rolling with your own private server with at least a couple of websites and you wouldn’t want anything as dangerous inside any of them.

Content can be salvaged via regular backups and even simple revision rollbacks. But once the server is compromised along with the databases you’ll have to be worried about much much more.

I even recommend removing built-in Plugin and Theme Editor functionality from WordPress for the same reasons.

Besides, even the most proficient and experienced folks out there get a misplaced parenthesis now and then in .htaccess, resulting in 500 lockups, meaning they’ll still need to open up FTP to go in and fix it :)

Comment by Kevin Muldoon says:

That’s a fair point. I would be just as worried if someone gained access to my site though as they could delete posts/pages etc.

Comment by Gennady says:

Suppose an attacker gains access to the Admin. They would normally not be able to do anything except change site content. With the “power” of this plugin you’re in for backdoor trouble, whole server will be compromised by adding a couple of directives. Why provide such a dangerous point of entry? A huge hole. PHP isn’t even supposed to be able to write to .htaccess, for all security purposes.

Comment by soulseekah says:

Editing of potentially dangerous files from the WordPress Dashboard. Disturbing. @wpverse

Codeable info