.htaccess Builder
Toggle common, safe WordPress .htaccess rules and watch a ready-to-use file assemble live. Everything runs in your browser, and nothing is sent to a server.
.htaccess before replacing it. Test on a staging site first. Some rules may need adjustment depending on your server configuration. This tool builds the file entirely in your browser, and nothing is uploaded.About the .htaccess Builder
The .htaccess Builder generates a clean, ready-to-use WordPress .htaccess file by letting you toggle common, safe rules instead of writing them by hand. It is built for WordPress developers, site administrators, and freelancers who want correct rewrite, security, and performance directives without memorizing Apache syntax. Everything runs in your browser, so you get a copy-paste-ready file in seconds with no signup and nothing sent to a server.
How it works
- Toggle the rules you want to include, such as the standard WordPress rewrite block, Force HTTPS, www to non-www (or non-www to www) redirects, GZIP/deflate compression, browser caching, and security hardening like protecting wp-config.php and disabling directory browsing.
- The tool live-assembles your selections into a single, properly ordered .htaccess file that updates instantly as you change options.
- Click Copy or Download, back up your existing .htaccess first, then upload the new file to your site's root directory and test the site.
Features
- One-click toggles for the standard WordPress rewrite block plus Force HTTPS and www/non-www redirects.
- Performance rules for GZIP/deflate compression and browser caching to speed up page loads.
- Security hardening options: protect wp-config.php, disable directory browsing, block access to .htaccess, disable XML-RPC, and protect the wp-includes directory.
- Live preview that assembles the combined file as you toggle, with Copy and Download buttons.
- 100% client-side and free, with no signup and no data sent to any server.
Frequently asked questions
Where does the .htaccess file go?
It belongs in the root directory of your WordPress site, the same folder that contains wp-config.php and wp-admin. The file name is exactly .htaccess with a leading dot and no extension. Because it starts with a dot it may be hidden, so enable 'show hidden files' in your FTP client or file manager.
Does this work on Nginx?
No. .htaccess is an Apache feature and is also honored by LiteSpeed servers, but Nginx ignores it entirely. If your site runs on Nginx you must add the equivalent directives to your Nginx server configuration instead. Check with your host if you are unsure which web server you use.
Will this break my site, and how do I undo it?
A malformed or conflicting .htaccess can cause a 500 Internal Server Error or redirect loops, so always back up your current file before replacing it. To undo any change, simply restore the backup you saved. If your site goes down and you cannot reach the dashboard, rename or replace the file via FTP or your host's file manager to recover.
What does the WordPress rewrite block do?
It is the standard set of mod_rewrite rules WordPress uses to power pretty permalinks, routing requests for URLs like /sample-post/ to index.php while leaving real files and folders alone. WordPress manages this block automatically between its '# BEGIN WordPress' and '# END WordPress' markers, so keep your custom rules outside those markers to avoid them being overwritten.
Should I force HTTPS here or somewhere else?
Forcing HTTPS in .htaccess works well on Apache and LiteSpeed, but it is often cleaner to handle redirects at the server, CDN, or hosting-panel level if that option is available, since it runs earlier and avoids redirect loops behind proxies. Whichever method you choose, use only one HTTPS redirect to prevent conflicts, and make sure you have a valid SSL certificate installed first.