Having a well-configured .htaccess file is crucial if you want to increase security and reduce vulnerabilities on your WordPress site. Usually, the main goal of creating a custom .htaccess file is to prevent your site from being hacked but it’s also an excellent way to handle redirects and manage cache-related tasks.
.htaccess is a configuration file used on Apache web servers. Most WordPress sites run on an Apache server, although a small portion is powered by Nginx. In this article, you can find a collection of .htaccess code snippets, most of which you can use to secure your website while the rest implements other useful features.
Don’t forget to back up the .htaccess file before you edit it so that you can always return to the previous version if something goes wrong.
And, if you’re someone who rather not touch configuration files I recommend you the BulletProof Security plugin which is the most reliable (and probably the oldest) free .htaccess security plugin on the market.
Create the default WP .htaccess
.htaccess works on a per-directory basis which means that each directory can have its own .htaccess file. It can easily happen that your WordPress site doesn’t have a .htaccess file yet. If you don’t find a .htaccess file in your root directory create an empty text file and name it to .htaccess.
Below, you can find the default .htaccess WordPress uses. Whenever you need this code you can quickly look it up in the WordPress Codex. Note that there is a different .htaccess for WP Multisite.
https://www.hongkiat.com/blog/useful-htaccess-snippets-for-wordpress/