https://perishablepress.com/stop-wordpress-changing-htaccess/
![[ Prevent WordPress Automatic .htaccess Modifications ]](https://perishablepress.com/wp/wp-content/images/2016/wordpress-htaccess.jpg)
In a recent tutorial, I explain how to Stop WordPress from modifying .htaccess. That post explains several ways to prevent WordPress from making changes to .htaccess. This post explains an even better way that is safe, effective, non-invasive, re-usable, and super simple. I’ve been using it on my own sites now for a few years and it works flawlessly.
Keep it Simple
So this post will be kept quick and super simple, as all of the theory and .htaccess explanation can be found in the original article. So if you want more context, theory, and so forth, hit that post before continuing with the following tutorial. Also (and I always repeat this) make sure to make a backup copy of your .htaccess file before making any changes. That way if something weird happens you always can restore the original file.
Important
This technique only should be used when necessary to prevent WordPress from modifying any custom WP rules that may be in place. Otherwise if you are not using your own custom rules, it is recommended to not use this technique so that WordPress can update its rules automatically as needed.
The Magic Code
Before explaining how it works, here is the magic .htaccess code:
# PREVENT WP AUTO MODS
# @ https://m0n.co/08
<IfModule mod_ignore_wordpress.c>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
</IfModule>See below for code explanation and implementation.
Explanation
The thing to understand with this code block, is that it effectively does nothing. In the first line, we use <IfModule> to check for a non-existent/imaginary Apache module, mod_ignore_wordpress. Because that module never will exist on any server, Apache ignores everything inside of the <IfModule> container. So the net effect of these rules on anything is absolutely nothing.
Inside of the outer <IfModule> container, are the default, automatically added WordPress rules. The ones that WordPress adds to your .htaccess file when you enable Permalinks. These inner rules are the ones that WordPress will find and update automatically as it pleases. And because the inner rules are ignored, you can have custom WordPress rules in place elsewhere in your .htaccess, and they won’t be affected by any of WordPress’ automatic modifications.
Meme It
Admittedly the underlying logic may be a bit abstract, so here is a simple diagram that hopefully explains it more clearly:
![[ Diagram showing default WP rules inside of disabling container ]](https://perishablepress.com/wp/wp-content/images/2019/prevent-wordpress-auto-mods.png)
The default added WP rules are disabled/ignored because they exist inside of a container that checks for a non-existent Apache module. Click image to view full-size (opens in new tab).Implementation
Once you understand how the code works, what it does, etc., feel free to add to any WordPress site that makes sense. As mentioned, I’ve been using that code snippet for years on some of my sites. For example at Perishable Press Books, I use customized WordPress rules to integrate e-commerce and short-URL functionality. The rules are carefully crafted and mission critical, so the last thing I want is for WordPress to make any changes. It would be a disaster.
The Key
The KEY to using this code effectively is to make sure that your custom WordPress rules do NOT look like the default WordPress rules. You want them to look different so WordPress does not recognize them. I think specifically this means that you do not want to include the first and last lines:
# BEGIN WordPress
.
.
.
# END WordPressDo not include anything similar to those lines with your custom code. For example, I just use # WORDPRESS and omit any closing commentary like so:
# WORDPRESS
<IfModule mod_rewrite.c>
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Whatever custom rules, etc.
RewriteRule . /index.php [L]
</IfModule>I also think # CUSTOM WORDPRESS and similar make sense. Here is an example of some custom WordPress rules together with the “prevent mods” fix:
# PREVENT WP AUTO MODS
# @ https://m0n.co/08
<IfModule mod_ignore_wordpress.c>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
</IfModule>
# CUSTOM WORDPRESS
<IfModule mod_rewrite.c>
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Whatever custom rules, etc.
RewriteRule . /index.php [L]
</IfModule>Notice how the first and last lines are unique for each of the rule blocks. WordPress will recognize and modify the first block and ignore the custom rules. It all is very simple and works beautifully.
For more in-depth discussion on this topic, check out the original post, Stop WordPress from modifying .htaccess.
Source: Security Feed