How to recreate the WordPress default .htaccess file

Replace the contents of your site’s .htaccess file with the lines of code presented below to restore the file to its default state for use with WordPress.

The WordPress default .htaccess file

The default .htaccess file for WordPress is a text file containing instructions to the web server to direct all URLs on your site to WordPress so it can display the correct page for each URL.

If these instructions are altered or missing, such as due to a malware infection or corrupted plugin, you may find that the links on your site’s navigation bar and to your articles take you to a 404 (“file not found”) error page, or even to a malicious site.

How to restore the default WordPress .htaccess file

The WordPress default .htaccess file contains the following lines of code:

# BEGIN WordPress
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

To restore your WordPress site’s default .htaccess file, simply make a backup of the existing file, then replace its contents entirely with the above code.

Where is the WordPress .htaccess file located?

The WordPress .htaccess file should be placed in the main folder that contains your WordPress site. This is the same folder that contains the wp-config.php file.

Often, the folder has the same name as your domain and is located in the public_html folder. This is also known as the domain folder.

Still not seeing the WordPress .htaccess file?

If you do not see a file named .htaccess in your domain folder, be sure the app you’re using to look for the file is configured to show invisible files (files whose names begin with a dot).

If a .htaccess file truly does not exist in your domain folder, you may create the file, making sure in the filename to include the initial dot and ensure all characters are in lowercase.

Removing unwanted .htaccess files

There should not be any .htaccess files in the domain’s WordPress subfolders, which are the folders with names beginning with wp-.

If you find .htaccess files in the domain’s WordPress subfolders such as wp-admin, wp-content, wp-include, and even deeper folders within them, those .htaccess files more than likely were created by malware, and may need to be deleted to restore full site functionality.

You may also like:

Love our articles? HostM offers professional and helpful web hosting services with unlimited features and renewal rates that actually match our advertised rates.

Lifetime Hosting,
Limited Time Offer.

$499 one-time

$299 one-time

On Sale!

$7 Annual Maintenance Fee

The Ultimate
Web Hosting Package.

From $2.68/mo

Sign Up Now
Free Migration Available

We can help you move your
email and websites as desired.

Products
Hosting
Explore
Support
  • Copyright © 2025 HostM · All rights reserved.