Categories: Tutorials

Htaccess snippet collection

Link To Tutorial Htaccess Snippet Collection

.htaccess (yes, a nameless file with the extension “htaccess”) is a hidden Apache configuration file. It can be placed in any directory within your website, but the main one is placed in the root folder. It allows you to further protect your website, set redirects and tweak performance.

Over the years, I’ve gathered a small collection of .htaccess snippets for the WordPress websites I create. So here’s my handy WordPress htaccess configuration items collection.

Note: Lines starting with the hashkey (#) are comment lines, and do not actually do anything.

Force SSL


# FORCE SSL
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# More options:
# http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file

Redirection options

Redirect during build

When you’re in the process of building a website for your client, you can use this code snippet to grant yourself and your client access by IP address, while redirecting the rest of the world to a temporary page.

# REDIRECT TO WWW SUBFOLER
# IF not from your address
RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.1$
# Fill in IP address above

# AND not for /www directory
RewriteCond %{REQUEST_URI} !^/www

# THEN sen them to /www/index.html
RewriteRule (.*) /www/index.html [R=307,L]

Redirect wp-login.php

Leaving the login page at its default setting is a security risk. By changing this, you make it a bit more difficult for uninvited guests to gain entrance to your WP-admin.

# REDIRECT /WP-LOGIN.PHP TO /ACCESS
RewriteRule ^access$ /wp-login.php [NC,L]

Redirection of a domain name to a single page on a website


# DOMAIN REDIRECTS
# Uncomment the next line and put between
# IfModule mod_rewrite.c
RewriteEngine On
RewriteCond %{HTTP_HOST} domainB\.com [NC] RewriteRule (.*) https://domainA.com/sub-page/$1 [R=301,L]
# Uncomment the next line and put between
# /IfModule

Redirect the domain name to the WWW subdomain

I prefer to use the basic domain as default (https://example.com), but if for some reason you prefer to use https://www.example.com as your default domain, you can reverse the redirection. Now, if you visit https://example.com, you are automatically redirected to https://www.example.com.
Snippets found on The Site Wizard

RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com$ [NC] RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
Alternatively, if you also have https://example.nl and https://example.fre, this is how you can redirect them to https://www.example.com as well:

RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC] RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

Security tweaks

Block framing/Sniff/Xss


# BLOCK FRAMING/SNIFF/XSS
#Header set X-Frame-Options DENY
#Header set X-Content-Type-Options "nosniff"
#Header set X-Xss-Protection "1; mode=block"

Block “includes” directories and files


# BLOCK INCLUDE FILES AND DIRS
# Uncomment the next line and put between
# IfModule mod_rewrite.c
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L]
# Uncomment the next line and put between
# /IfModule

Block access to wp-config.php


# BLOCK XS TO WP-CONFIG
# Uncomment the next line and put between
# files wp-config.php
order allow,deny
deny from all
# Uncomment the next line and put between
# /files

Block access to .htaccess


# BLOCK XS TO HTACCESS
# Uncomment the next line and put between
# files ~ "^.*\.([Hh][Tt][Aa])"
order allow,deny
deny from all
satisfy all
# Uncomment the next line and put between
# /files

Block directory browsing


# DISABLE DIRECTORY BROWSING
Options All -Indexes

Prevent entering full path to file in uploads folder into browser


# PREVENT ENTERING FULL PATH TO FILE IN UPLOADS FOLDER INTO BROWSER
Options All -Indexes

Performance tweaks

Keep in mind that if you are using a caching plug-in, some of the settings here will already be written to the .htaccess file by the plugin, and therefore need not be added manually.

Set expiration dates

Increase performance by setting expiration dates on file types.

# SET EXPIRATION DATES TO INCREASE WEBSITE PERFORMANCE
# Uncomment the next line and put between
# IfModule mod_expires.c
# Enable expirations
ExpiresActive On
# Default directive
ExpiresDefault "access plus 1 month"
# My favicon
ExpiresByType image/x-icon "access plus 1 year"
# Images
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
# CSS
#ExpiresByType text/css "access 1 month"
# experimenting here. with the timestamp added through functions.php, the css file changes version number when updated,
# causing the stylesheet to be downloaded again, and resetting the plus 1 year. Test this!
ExpiresByType text/css "access plus 1 year"
# Javascript
ExpiresByType application/javascript "access plus 1 year"
# Uncomment the next line and put between
# /IfModule

Disable eTags

Disabling eTags increases website performance.

# DISABLE ETag TO INCREASE WEBSITE PERFORMANCE
FileETag MTime Size

Enable Gzip, method #1

Enabling gzip compression increases performance.

# ENABLE GZIP METHOD #1
# Uncomment the next line and put between
# ifModule mod_gzip.c
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
# Uncomment the next line and put between
# /IfModule

Enable Gzip, method #2


# ENABLE GZIP METHOD #2
# Uncomment the next line and put between
# IfModule mod_deflate.c
# Compress HTML, CSS, JavaScript, Text, XML and fonts
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml

# Remove browser bugs (only needed for really old browsers)
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent
# Uncomment the next line and put between
# /IfModule

Want to know more about .htaccess? Start .here.

This is a live document. I will add new snippets as I come across them. If you have any useful additions, please feel free to post them in the comments!

This post was last modified on 14/11/2018 14:47

Boris Hoekmeijer

View Comments

  • Added “Redirect the domain name to the WWW subdomain” snippet.

Leave a Comment
Share
Published by
Boris Hoekmeijer
Tags: htaccesshtaccess snippetperformance tweakredirectionsecurity tweakwordpress htaccess
6 years ago

Recent Posts

Agribusiness Service

Website en logo ontwerp voor Kookstudio Aalsmeer - voor uw kookclub, kookfeest of bedrijfsuitje in…

4 months ago

CardioThoracaal Chirurgie Zorgpad

Website en logo ontwerp voor Kookstudio Aalsmeer - voor uw kookclub, kookfeest of bedrijfsuitje in…

4 months ago

7huijzen Food Quality & Innovation Management

Website en logo ontwerp voor Kookstudio Aalsmeer - voor uw kookclub, kookfeest of bedrijfsuitje in…

5 months ago

Prime Housing

Website en logo ontwerp voor Kookstudio Aalsmeer - voor uw kookclub, kookfeest of bedrijfsuitje in…

6 months ago

Cor de Kroon

Website en logo ontwerp voor Kookstudio Aalsmeer - voor uw kookclub, kookfeest of bedrijfsuitje in…

8 months ago

Hoe leeg je de cache van je browser?

Building your WordPress website efficiently using the 10 tips I documented after years of experience.…

1 year ago
Boris Hoekmeijer Webdesign & Grafische vormgeving
5.0
Based on 26 reviews
review us on
M. Zevenhuijzen (7huijzen)
17:50 15 Jan 24
Boris designed and built both the company logo and website for 7huijzen Food Quality & Innovation Management.From the... moment I met, I got to know Boris as a knowledgeable person who works very customer-oriented. He knows how to apply the "art" of good listening and translate it into a beautiful product.He listens to the customer's direct input, but especially to what is said between the lines. He knows how to design the logo and website in such a way that the right style and emotion is achieved.I am very grateful to Boris for the contact and the work done, a true professional that I can recommend to both large and small (SME / self-employed) companies.Mark Zevenhuijzen - Owner of 7huijzen Food Quality & Innovation Management. www.7huijzen.nlread more
Prime Housing
12:40 24 Aug 23
We have had a great collaboration with Boris. His quick accessibility and good advice clearly left a positive... impression. It's great to work with professionals who can provide effective solutions while providing excellent customer service. A successful collaboration!read more
Ehsan Bazaei
18:18 29 Jun 23
An experienced, professional, committed, creative and customer-oriented web designer.
Chad Emery
11:54 28 Jun 23
Boris is very talented with WP and WPML development, and he's excellent at explaining difficult concepts in language... that is easy to understand. He works efficiently and answered all of our questions quickly and thoroughly. I highly recommend working with him for your WP and WPML needs!read more
Telmo Silva
16:55 07 Apr 23
We have gone through too many WordPress experts many times to find much later that they hacked their way into getting... WP to do things via PHP and lots of code. Boris does things right and his expertise, patience and experience in WP, WPML as well as the many common plugins and extensions, was the best experience we have had in getting our multi-lingual web site development back on track. Thank you!read more
Hart Long Centrum Leiden
08:45 15 Mar 23
At the Heart Lung Center we have been working very well with Boris for several years. He has designed several websites... for us. Boris is very professional, thinks along well and is easily accessible. If we need help, Boris always comes up with a suitable solution very quickly. In short, a very pleasant collaboration!read more
Urbanature
12:14 10 Apr 22
extremely conscientious and reliable
Dakin-Flathers Ltd
09:36 15 Mar 21
Boris is definitely an expert with WPML. He’s extremely professional and has the ability to troubleshoot and repair any... issue quickly and efficiently with WPML. Boris also takes the time to explain the issue and how it should be resolved in very simple and easy to use steps, should you wish to make the fix yourself. He offers real value for money and we will be using him in the future. I would 100% recommend his services. Thank you Boris!read more
Elke Hockauf
12:19 18 Mar 20
Very competent support in solving WPML and Elementor realted problems! Thanks a lot!
Janine Fuchs
08:47 03 Jun 19
I'm very happy with the work and support of Boris Heokmeijer. Since I'm not an expert on WordPress, I appreciate a lot... what he is doing for us. He responds to my questions very promptly and explains how and why what things need to be done. :-)read more
See All Reviews