How to Use .htaccess File to Improve Your WordPress Blog

, by , Tutorials

The Ways to Use .htaccess to Speed Up WordPress

Now  I would like to guide use  .htaccess file as a way to speed up and protect your site. Today we’re going to look at ten easy methods to speed up WordPress with the .htaccess file. Not all of these apply specifically to WordPress; you could easily apply most of these to any other site.

1. Protect the .htaccess

# STRONG HTACCESS PROTECTION</code> <Files ~ "^.*\.([Hh][Tt][Aa])"> order allow,deny deny from all satisfy all </Files> 

2.Rename the .htaccess file (thus making it harder to find)

# rename htaccess files AccessFileName ht.access 

3.Allow access to the wp-login file to only certain IP addresses (ie yours!)

<Files wp-login.php> Order deny,allow Deny from All Allow from 123.456.789.0 </Files>

4. Stop scrapers

The low life that scrape your content are too using up your resources, and they can be stopped from accessing your RSS feed  if you’ve got their IP address and the code below in your .htaccess

RewriteEngine on RewriteCond %{REMOTE_ADDR} ^69.16.226.12 RewriteRule ^(.*)$ http://newfeedurl.com/feed

5. Use PHP compression

Another compression technique, this time for PHP. At this rate, your blog will be compressed to 1kb!

# php compression – use with caution <ifmodule mod_php4.c> php_value zlib.output_compression 16386 </ifmodule>

6.Stop spammers

Just like hotlinking, every time a spammer comes on to your site, they’re using your resources, so by stopping spammers you can free up said resources and speed up your site. There are a number of ways of doing this; Perishable Press has some brilliant blacklists, but often highlighted as the tell tale sign of a spam comment is the no refferer; it seems to have come from nowhere. The following will stop no referrer requests and therefore stop spam also:

RewriteEngine On RewriteCond %{REQUEST_METHOD} POST RewriteCond %{REQUEST_URI} .wp-comments-post\.php* RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR] RewriteCond %{HTTP_USER_AGENT} ^$ RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L

7. Block spammers

After stopping spammers, we’re now blocking them too! Change the line deny from 123.346 etc to include the IP of said spammer.

<Limit GET POST PUT> order allow, deny allow from all deny from 123.456.789 </LIMIT>

8. Stop hotlinking

When someone hotlinks an image on your site, that’s using up your resources and so potentially slowing down your site. Thankfully, it’s really easy to stop hotlinking with the following .htaccess trick:

#disable hotlinking of images with forbidden or custom image option RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC] #RewriteRule \.(gif|jpg)$ - [F] RewriteRule \.(gif|jpg)$ http://www.yourdomain.com/stophotlinking.jpg [R,L] 

9. gzip files

gzip allows you to compress files, so obviously that means they load faster. The code below will gzip html, text, css, js and php files:

<ifModule mod_gzip.c> mod_gzip_on Yes mod_gzip_dechunk Yes mod_gzip_item_include file \.(html?|txt|css|js|php)$ mod_gzip_item_include handler ^cgi-script$ mod_gzip_item_include mime ^text/.* mod_gzip_item_include mime ^application/x-javascript.* mod_gzip_item_exclude mime ^image/.* mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.* </ifModule> 

10. Combine gzip and caching

Combining the two tips above, gzip and caching, the code below is a brilliant snippet from Samuel Santos‘ site:

# BEGIN Compress text files SetOutputFilter DEFLATE # END Compress text files # BEGIN Expire headers ExpiresActive On ExpiresDefault "access plus 1 seconds" ExpiresByType image/x-icon "access plus 2592000 seconds" ExpiresByType image/jpeg "access plus 2592000 seconds" ExpiresByType image/png "access plus 2592000 seconds" ExpiresByType image/gif "access plus 2592000 seconds" ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds" ExpiresByType text/css "access plus 604800 seconds" ExpiresByType text/javascript "access plus 216000 seconds" ExpiresByType application/x-javascript "access plus 216000 seconds" ExpiresByType text/html "access plus 600 seconds" ExpiresByType application/xhtml+xml "access plus 600 seconds" # END Expire headers # BEGIN Cache-Control Headers Header set Cache-Control "max-age=2592000, public" Header set Cache-Control "max-age=604800, public" Header set Cache-Control "max-age=216000, private" Header set Cache-Control "max-age=600, private, must-revalidate" # END Cache-Control Headers # BEGIN Turn ETags Off Header unset ETag FileETag None # END Turn ETags Off # BEGIN Remove Last-Modified Header Header unset Last-Modified # END Remove Last-Modified Header 

11.Redirecting (www to non www) or (non www to www)

Redirect www to non-www:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www.yourdomain.com [NC]
RewriteRule ^(.*)$ http://yourdomain.com/$1 [L,R=301]
</IfModule>

Redirect non-www to www:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^yourdomain.com [NC]
RewriteRule ^(.*)$ http://www.yourdomain.com/$1 [L,R=301]
</IfModule>

12. Protection

Just add the following to your .htaccess under the www directory:

# to protect wp-config.php
 <Files wp-config.php>
 order allow,deny
 deny from all
 </Files>

13. Disable Directory Browsing or Enable Indexing

– Turning Off Directory Browsing with .htaccess

# disable directory browsing
Options All -Indexes

-Enable Directory Browsing or Indexing

You can reactivate it by adding the following line to your .htaccess file:

Options +Indexes

14. Blocking bad bots and site rippers (aka offline browsers)

The definition of a “bad bot” varies depending on who you ask, but most would agree they are the spiders that do a lot more harm than good on your site (ie: anemail harvester). A site ripper on the other hand are offline browsing programs that a surfer may unleash on your site to crawl and download every one of its pages for offline viewing. In both cases, both your site’s bandwidth and resource usage are jacked up as a result, sometimes to the point of crashing your server

. Bad bots typically ignore the wishes of your robots.txt file, so you’ll want to ban them using means such as .htaccess. The trick is to identify a bad bot.

Below is a useful code block you can insert into.htaccess file for blocking a lot of the known bad bots and site rippers currently out there. It is derived from my reading of the excellent discussion “A close to perfect .htaccess file“, specifically, “A close to perfect .htaccess file II.” Simply add the below code to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]

You can configure htaccess by using  WordPress Plugin

Easy to use “Suggested htaccess” rules:

  • Jim Morgan’s htaccess;
  • Disable directory browsing;
  • Disable and redirect image hotlinking;
  • Force canonical url (WWW or non-WWW);
  • Limit maximum file upload size;
  • Protect wp-config.php file from access;
  • Protect .htaccess file from access;
  • Set 500 error page;
  • Set 403 error page;
  • Use mod_gzip if available;
  • Use mod_deflate if available;
  • Set admin email on server generated error pages;
  • Disable ServerSignature on server generated error pages.

Related

40+ Free Responsive Navigation Menu Plugins & Tutorials

20+ PHP jQuery CSS Poll Vote & Survey Code Script

90+ Free Responsive jQuery Image Slider & Slideshow Download

30+ Free HTML5 jQuery Upload File Scripts Example

50+ Useful jQuery CSS3 Loading & Progress Bar Tutorials

Written by

Graham Bill is a professional web designer and developer for both WordPress, Joomla and platform for eCommerce websites.