The 7 Most Useful .htaccess Tips & Tricks for WordPress
Whether you’re an expert WordPress developer who builds themes and plugins or someone running a WordPress site or blog, you surely know about the .htaccess file. A majority of WordPress users use it while fixing their permalinks. However, a .htaccess file can do much more than just fixing permalinks. It’s basically a configuration file that gives you complete control over your WordPress files and folders. .htaccess stands for hypertext access and allows you to enhance your site’s performance and security.
How to Create a .htaccess File?
The .htaccess file is located in your WordPress site’s root folder, and you rarely need to create it manually as it comes packed with every WordPress installation. If you do need to create it, open a blank document, save it with the file name .htaccess, and upload it to the root directory.
The .htaccess file was initially used to allow per-directory access control. However, you can now use it for various configuration settings, most of them associated with content control.
A large number of WordPress sites use this file to prevent hackers, spammers, and other dangers. Since the file plays an important role in maintaining your website, it is essential to know how to use it. Here are certain .htaccess tips and tricks to help you make the most of it.
#Protect wp-config.php
wp-config.php is one of your WordPress site’s most important files, as it is the configuration file and includes many crucial settings. Secure it with these lines of code:
<files wp-config.php>
order allow,deny
deny from all
</files>
#Restrict Admin Area Access
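A majority of hackers use the admin area as their main entry point, so it is extremely important to secure it. Use these lines of code, replacing xxx.xxx.xx.x with your own IP address:
<Limit GET POST>
# deny,allow evaluates Deny first, then lets the Allow line override it for your IP.
# With allow,deny the "deny from all" line would win and lock out every address.
order deny,allow
deny from all
allow from xxx.xxx.xx.x
</Limit>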
#Maintenance Page
Updating your website from time to time is quite common. However, what do you do when you are updating your live website? Do you allow your visitors to see the changes in real time? Or do you add a maintenance page and redirect your visitors to it?
There are many maintenance page plugins available to help you create a maintenance page and redirect your users to it. However, these plugins are of no help if your website isn’t working in coordination with them. Instead of depending entirely on the plugins’ functionality, you can add a maintenance HTML file and add a few code lines in your .htaccess file to make it work every time you update your website or, even worse, if it gets hacked.
RewriteEngine on
RewriteCond %{REQUEST_URI} !/maintenance\.html$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
RewriteRule $ /maintenance.html [R=302,L]
Change the above code according to your website’s specification. Replace maintenance.html with the name and actual location of your HTML file. Also, add your IP address in the third line.
#Enable Browser Caching
Browser caching allows your visitors to save webpages or specific information on your website to prevent downloading every time they visit your website. This not only reduces your bandwidth cost but also improves the speed of your website. Browser caching is used for media files and CSS stylesheets and enables visitors to load the files from their system instead of web servers. Add these lines of code to achieve it:
## EXPIRES HEADER CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType image/svg+xml "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType application/javascript "access 1 month"
ExpiresByType application/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 2 days"
</IfModule>
## EXPIRES HEADER CACHING ##
#Disable Hotlinking
Hotlinking means someone else displays the images of your website by linking directly to the image URL. Hotlinking usually negatively impacts your website, including increased bandwidth costs, poor performance, and removal of the images. You can easily disable hotlinking by adding these lines of code.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite\.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourotherwebsite\.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
#Redirect a URL
There are times when you change your domain or move your website to a new location. This is when you need to notify search engines about the move and redirect pages or URLs. Whenever your website or page URL changes, 301 redirects come into play. They allow you to notify search engines. To make it work, you need to add a line of code in your .htaccess file with an old and a new location.
Redirect 301 /oldpage.html http://www.yourwebsite.com/newpage.html
Redirect 301 /oldfolder/page2.html /folder3/page7.html
Redirect 301 / http://www.mynewwebsite.com/
#Ban IP Addresses
Maintaining a website is not easy. The threat of being hacked increases with each passing day, and unusual requests from particular IP addresses mean you need to block them to maintain security. To ban specific IP addresses, add these lines of code to your .htaccess file.
<Limit GET POST>
order allow,deny
deny from xxx.xxx.xx.x
allow from all
</Limit>
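The three access rules on this page (protecting wp-config.php, restricting the admin area, banning an IP address) use the Order/Allow/Deny syntax, which Apache 2.4 only honours through mod_access_compat. The block below is an added example, not part of the original article, showing the same rules in the Apache 2.4 Require syntax. The two IP addresses are placeholder documentation addresses, and putting the admin rules in a separate wp-admin/.htaccess file is an assumption.

```apache
# Added example: Apache 2.4 (mod_authz_core) equivalents of the access rules above.
# 203.0.113.10 and 198.51.100.23 are placeholder addresses; use your own.
# Require in .htaccess needs "AllowOverride AuthConfig" in the server config.

# --- site root .htaccess ---

# Block all web access to wp-config.php
<Files "wp-config.php">
    Require all denied
</Files>

# Ban one address and allow everyone else.
# "Require not ..." is only valid inside a <RequireAll> container.
<RequireAll>
    Require all granted
    Require not ip 198.51.100.23
</RequireAll>

# --- wp-admin/.htaccess (separate file, assumed location) ---

# Only the listed address reaches the admin area. There is no <Limit>
# wrapper, so the rule applies to every HTTP method, not only GET and POST.
Require ip 203.0.113.10

# Optional: some themes and plugins call admin-ajax.php from the public
# front end; this exception keeps those requests working for visitors.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

Use either this syntax or the Order/Allow/Deny blocks, not both in the same file; the Apache documentation discourages mixing them.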
Use these tips and tricks to make your WordPress site more secure and prevent spamming and hacking.