Phase 4 · Guide #36 · Utilities

.htaccess Editor (safe editing & backups)

Edit the root .htaccess from WordPress with automatic backups, validation, and Quick Snippets for common performance and security rules. Open SEO Rank Genius → Tools & Analytics and choose the .htaccess Editor tab (tab=htaccess-editor).

9 min readApache · backups · snippetsNo inline scripts in this guide

Before you start

Direct URL (bookmark-friendly): /wp-admin/admin.php?page=seo-link-genius_tools&tab=htaccess-editor. You need an administrator-capable account; treat this screen like production infrastructure—one malformed directive can return 500 errors for every request.

Apache vs. other stacks .htaccess is honored on typical Apache + mod_rewrite hosts. Pure Nginx or managed edge rules use different config files—this tab still shows the file if it exists, but your server may ignore it. Confirm with your host before relying on snippets.
/wp-admin/admin.php?page=seo-link-genius_tools&tab=htaccess-editor
WordPress › SEO Rank Genius › Tools & Analytics
Reports Tools Integrations Utilities Crawl

Utilities column

Select .htaccess Editor from the Utilities group in the tab rail.

URL Medic404
URL Redirects301
.htaccess EditorActive

Pattern: srg-mock-bar + dark srg-mock-wpbar + tab rail mirroring Tools & Analytics.

  • Try changes on staging or during a low-traffic window when possible.
  • Keep host panel or SFTP access ready—if the admin UI cannot load, you restore .htaccess at the filesystem level.
  • Pair HTTP-layer fixes here with in-plugin redirect tools so you are not maintaining two conflicting rewrite stories.

.htaccess screen

The tab opens with a short feature description, an amber Caution banner, and three status chips: whether .htaccess exists, whether the file (or web root) is writable, and how many backups are on file. The main column is a monospace editor with Refresh (reload from disk) and Save Changes; the footer shows the absolute path and file size when the file is present.

Read the banner every time Incorrect rules can take the whole site offline. The plugin warns explicitly—treat saves as a deployment, not a quick note pad.
…/seo-link-genius_tools&tab=htaccess-editor
Tools & Analytics › Utilities › .htaccess Editor

Caution

Editing .htaccess can break your site. Test carefully; use FTP or backups if you lose access.

File
Exists
Writable
Yes
Backups
4
.htaccess Content Refresh
# BEGIN WordPress
RewriteEngine On
/public_html/.htaccess · 2 KB Save Changes

Status row + dark editor + footer path mirror the live tab-htaccess-editor.php layout.

Refresh before you edit If another tool or deploy script touched .htaccess, hit Refresh so you are not saving over newer disk content.

Backup & restore

Each successful save creates a new backup before the file is written, tagged with a reason (for example “Manual edit”) and line count. The plugin keeps a rolling history (up to ten backups); files are stored under your uploads directory in a dedicated folder that is protected from direct web access.

  • Preview — open a read-only view of a snapshot before you commit to restoring it.
  • Restore — write that snapshot back to .htaccess and refresh the editor; another backup is created as part of the safe write path.
  • Load into Editor (from the preview modal) — copy backup text into the textarea so you can merge changes manually, then save once you are satisfied.
…/tab=htaccess-editor › Backup History
SEO Rank Genius › .htaccess › Backups
Backup History
May 24, 2026 · 9:42 PM Manual edit · 86 lines
Preview Restore
May 22, 2026 · 11:05 AM Manual edit · 72 lines
Preview Restore

srg-mock-metabox rows stand in for the sidebar Backup History list with preview and restore actions.

When the list is empty The UI explains that backups appear after the first save. You do not need a no-op change—save a known-good file once to seed history.

Common SEO rules (Quick Snippets)

The right column lists Quick Snippets. Clicking an item appends its block to the end of the editor (with spacing) if that snippet is not already detected—duplicates trigger a warning instead of silent repeats. Categories appear as security or performance labels in the product UI.

Shipped snippets include: Fix REST API 403 Errors, Enable GZIP Compression, Browser Caching Headers, Security Headers, Block XML-RPC, Protect wp-config.php, Disable Directory Browsing, and Force HTTPS. Use them to support Core Web Vitals (compression + caching), harden admin surfaces, and align TLS—while keeping granular redirect matrices in Rank Genius redirect tools rather than duplicating dozens of brittle rewrite lines.

…/tab=htaccess-editor › Quick Snippets
SEO Rank Genius › Snippets sidebar
Quick Snippets
Browser Caching Headers performance
Expires headers for images, CSS, and JS bundles.
Force HTTPS security
Rewrite HTTP → HTTPS (confirm certs first).
Security Headers security
X-Content-Type-Options, framing policy, referrer policy …

Click-to-append workflow; categories match snippet metadata in code.

# Force HTTPS — verify SSL before saving
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{HTTPS} off
  …
</IfModule>

Safety checklist

1

Preserve WordPress core blocks

Keep existing # BEGIN WordPress / # END WordPress sections intact unless your host documented a migration. Custom rules usually belong above or below that block per host guidance—not randomly in the middle.

2

Match paired directives

Saves validate balanced <IfModule>, <Directory>, and <Files> tags. Asymmetric pairs block the write and flash an error rather than silently breaking production.

3

Test after saving

Load the homepage, a single post, and wp-login in a private window. CDN users should purge HTML edge cache so you are not seeing an older error page.

No duplicate HTTPS stacksIf Cloudflare or the host already enforces TLS, layering multiple force-HTTPS chains can loop.
Redirects live elsewhere tooPrefer Rank Genius redirect managers for large 301 matrices; keep .htaccess for server fundamentals.
Snippets ≠ robots policyCrawler allow/deny belongs in Crawl Intelligence; pair with indexing advanced options.
Security snippets & pluginsOverlapping firewall or header plugins can duplicate headers—spot-check response headers.

Troubleshooting

Most incidents map to filesystem permissions, failed validation, or environmental mismatch (Apache modules missing). Work through browser errors and the admin notices together—they often include the validator message verbatim.

…/tab=htaccess-editor › permissions
SEO Rank Genius › .htaccess › Read-only
File
Exists
Writable
No
Backups
6
.htaccess Content

Save disabled

Update owner/group or ACLs via host panel—the textarea stays read-only until PHP can write .htaccess.

Validator rejected my paste

Count opening/closing wrappers, then retry. Mixed encoding from Google Docs frequently introduces invisible characters—paste through a plain editor first.

Read-only installs mirror production hardening—fix permissions externally, then reload the tab.

Blank editor but file existsConfirm readability and security plugins blocking file_get_contents overrides.
500 immediately after saveRestore the latest backup via FTP/host file manager, then revert the offending lines.
Snippet has no effectMissing Apache module (for example mod_expires) silently skips blocks inside IfModule guards.
Redirects fight each otherConsolidate policy with URL Redirects plus the URL Medic / 404 workflow linked below.
See plans & limits Indexing advanced options →

Continue learning

Redirects, 404 & URL MedicClean up broken routes after HTTP-layer experiments. URL Redirects ManagerCentralize 301/302 maps without hand-editing rewrites. robots.txt & llms.txtCrawl intelligence separate from server rewrite rules. Indexing Advanced OptionsCanonical, cache, and sitemap diagnostics.