Assemble a clean .htaccess: force HTTPS, www canonicalization, your own 301 redirects, the WordPress permalink rules, file protection and security headers. Everything is generated in your browser — nothing is transmitted.
# .htaccess — erzeugt mit forge12.com/wordpress-htaccess-generator
# Security-Header
<IfModule mod_headers.c>
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "SAMEORIGIN"
Header set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
# HTTPS erzwingen
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# Datei-Schutz
<Files wp-config.php>
Require all denied
</Files>
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
# Verzeichnis-Listing deaktivieren
Options -Indexes
Back up your existing .htaccess before applying. Rules require Apache with mod_rewrite/mod_headers (standard on most hosts).
Enable the rules you need and add your own 301 redirects. The code on the right updates live.
Download the existing .htaccess from your WordPress root (via FTP/SFTP or file manager) as a backup.
Paste the generated content into the .htaccess in your WordPress root, save and load your site. If anything breaks, restore the backup.
A configuration file for Apache web servers. It controls redirects, URL rewriting (permalinks), access protection, headers and caching — per directory, without touching the main server config.
In the installation root (where wp-config.php and the wp-content folder live). If there isn't one, just create it — the filename starts with a dot.
Under “Custom 301 redirects” on the left, enter the old path (e.g. /old-page) and the target (e.g. https://your-domain.com/new-page). The tool builds the matching Redirect 301 line.
A typo in .htaccess can trigger a 500 error. So back up the existing file first. If something breaks, restore the backup and you're back to where you were.
Yes. The .htaccess works with Apache (with mod_rewrite/mod_headers) — standard on most hosts. NGINX uses different config; get in touch and we'll translate the rules.
No. The tool runs entirely in your browser. There is no server endpoint; nothing is transmitted or stored.