What are these htaccess files that keep popping up?

If you keep finding .htaccess files appearing in your directories that you did not create, they are being generated by cPanel, your CMS (like WordPress or Joomla), or a security tool. These are normal and serve important purposes.

01. What Creates Them

• cPanel - Password-protected directories, PHP handler settings, redirects, hotlink protection, index settings, and more
• WordPress - Permalink settings (Settings > Permalinks) write rewrite rules to .htaccess
• Security plugins - Wordfence, iThemes Security, and similar plugins add firewall rules to .htaccess
• Caching plugins - WP Super Cache, W3 Total Cache, and LiteSpeed Cache add caching directives
• Server security - Imunify360 and ModSecurity may add protective rules

02. Should You Delete Them?

Generally, no. Deleting .htaccess files can break your website's permalink structure, disable security features, remove password protection, and undo PHP configuration changes.

If you want to know what a specific .htaccess file does, open it in cPanel File Manager (make sure "Show Hidden Files" is enabled in Settings) and read the comments. Most auto-generated rules include comments explaining their purpose.

For a comprehensive guide on what you can do with .htaccess, see Complete Guide to .htaccess on Apache. If you cannot see .htaccess files in your FTP client, see When I Upload an .htaccess File It Disappears.

Quick Recap

1. .htaccess files are auto-generated by cPanel, WordPress, and plugins
2. Do not delete them unless you understand what they do
3. Back up before editing
4. Enable "Show Hidden Files" in File Manager to see them
5. Read the comments inside the file to understand the rules

Understanding .htaccess on your hosting account · Last updated March 2026 · Browse all htaccess articles