
“A .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration.” (From Wikipedia) A .htaccess file only affects the folder in which it resides and all the folders inside it. The .htaccess file is very useful and allows you to do a lot of things. Here’s my list of the most popular htaccess code snippets that can be added to your .htaccess file. I hope you find them as useful as I do.
.Htaccess Code Snippets, Examples, Tips And Tricks
01. Protect WordPress Blog From Script Injections
| RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] |
| RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] |
| RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) |
| RewriteRule ^(.*)$ index.php [F,L] |
Source: http://wptidbits.com/tutorials/21-most-popular-htaccess-hacks-for-wordpress/
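The following check is an added example, not part of the original list or its sources: it replays the three RewriteCond patterns of snippet 01 against constructed query strings so you can see what the rule blocks before deploying it. The names `conds_match` and `status_for` are hypothetical, and it assumes mod_rewrite matches the raw (not URL-decoded) query string.

```python
import re

# RewriteCond patterns and flags from snippet 01 (NC = ignore case,
# OR = OR this condition with the next one instead of ANDing).
CONDS = [
    (r"(\<|%3C).*script.*(\>|%3E)", {"NC", "OR"}),
    (r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", {"OR"}),
    (r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})", set()),
]

def conds_match(query_string):
    """Evaluate the condition chain: OR-flagged conditions form a group,
    and groups are ANDed together."""
    result, group = True, False
    for pattern, flags in CONDS:
        hit = re.search(pattern, query_string,
                        re.IGNORECASE if "NC" in flags else 0)
        group = group or hit is not None
        if "OR" not in flags:       # the OR group ends at this condition
            result, group = result and group, False
    return result

def status_for(query_string):
    """403 mirrors the [F] flag on the RewriteRule; 200 means not blocked."""
    return 403 if conds_match(query_string) else 200

# Constructed sample query strings (raw, as the server receives them).
SAMPLES = [
    "p=12&preview=true",             # ordinary WordPress request
    "s=javascript+tutorial",         # contains "script" but no angle bracket
    "s=<script>x</script>",          # literal tag
    "s=%3CSCRIPT%3Ex%3C/SCRIPT%3E",  # encoded tag, upper case (NC applies)
    "GLOBALS[foo]=1",                # PHP superglobal overwrite attempt
    "a=1&_REQUEST=2",
    "globals=1",                     # lower case: GLOBALS condition has no NC
    "title=<b>manuscript</b>",       # harmless markup, still blocked
]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(status_for(qs), qs)
```

The last sample shows a false positive to expect: any query string with an angle bracket before and after the substring "script" is refused.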
02. Prevent Hotlinking
| #Replace ?mysite\.com/ with your blog url |
| RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC] |
| RewriteCond %{HTTP_REFERER} !^$ |
| #Replace /images/nohotlink.jpg with your "don't hotlink" image url |
| RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L] |
Source: http://www.wprecipes.com/how-to-protect-your…
03. Configure Your Website For HTML5 Videos
| RewriteCond %{REQUEST_FILENAME} !-f |
| RewriteCond %{REQUEST_FILENAME} !-d |
| RewriteCond %{REQUEST_URI} !=/favicon.ico |
| AddType application/x-shockwave-flash swf |
Source: http://snipplr.com/view.php?codeview&id=53437
04. Use Browser Caching To Improve Blog Speed
| ExpiresByType image/jpg "access 1 year" |
| ExpiresByType image/jpeg "access 1 year" |
| ExpiresByType image/gif "access 1 year" |
| ExpiresByType image/png "access 1 year" |
| ExpiresByType text/css "access 1 month" |
| ExpiresByType application/pdf "access 1 month" |
| ExpiresByType text/x-javascript "access 1 month" |
| ExpiresByType application/x-shockwave-flash "access 1 month" |
| ExpiresByType image/x-icon "access 1 year" |
| ExpiresDefault "access 2 days" |
Source: http://www.onextrapixel.com/2011/11/03/unleashing-htaccess-for-wordpress/
05. Blacklist Undesired Users And Bots IP Address
Source: http://www.smashingmagazine.com/2010/07/01/10-useful-wordpress-security-tweaks/
06. Redirect Hotlinkers
| RewriteCond %{HTTP_REFERER} !^$ |
| RewriteCond %{HTTP_REFERER} !^http://(subdomain\.)?domain.tld/.*$ [NC] |
| RewriteRule ^.*\.(bmp|tif|gif|jpg|jpeg|jpe|png)$ http://google.com [R] |
Source: http://www.askapache.com/htaccess/ultimate-htaccess-file-sample.html
07. Force Trailing Slash
| RewriteCond %{REQUEST_URI} /+[^\.]+$ |
| RewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L] |
Source: http://perishablepress.com/code-snippets/
08. Remove File Extensions From Urls
| RewriteCond %{REQUEST_FILENAME} !-d |
| RewriteCond %{REQUEST_FILENAME}\.html -f |
| RewriteRule ^(.*)$ $1.html |
| # Replace html with your file extension, eg: php, htm, asp |
Source: http://eisabainyo.net/weblog/2007/08/19/removing-file-extension-via-htaccess
09. If You Want To Cover Both Http And Https
| RewriteCond %{HTTP_HOST}//s%{HTTPS} ^www\.(.*)//((s)on|s.*)$ [NC] |
| RewriteRule ^ http%3://%1%{REQUEST_URI} [L,R=301] |
Source: http://www.askapache.com/htaccess/commonly-used-htaccess-code-examples.html
10. Create Custom Error Pages
| ErrorDocument 400 /errors/badrequest.html |
| ErrorDocument 401 /errors/authreqd.html |
| ErrorDocument 403 /errors/forbid.html |
| ErrorDocument 404 /errors/notfound.html |
| ErrorDocument 500 /errors/serverr.html |
Source: http://css-tricks.com/snippets/htaccess/custom-error-pages/
11. Log PHP Errors
| # display no errs to user |
| php_flag display_startup_errors off |
| php_flag display_errors off |
| php_value error_log /location/to/php_error.log |
Source: http://css-tricks.com/snippets/htaccess/php-error-logging/
12. Redirect WordPress Feeds To FeedBurner
| # temp redirect wordpress content feeds to feedburner |
| RewriteCond %{HTTP_USER_AGENT} !FeedBurner [NC] |
| RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC] |
| RewriteRule ^feed/?([_0-9a-z-]+)?/?$ http://feeds.feedburner.com/webanddesigners [R=302,NC,L] |
Source: http://perishablepress.com/press/2008/03/25/redirect-wordpress-feeds-to-feedburner-via-htaccess-redux/
13. Force Download Of Specific Files
| ForceType application/octet-stream |
| Header set Content-Disposition attachment |
| ForceType application/octet-stream |
| Header set Content-Disposition attachment |
Source: http://www.givegoodweb.com/post/30/forcing-a-download-with-apache-and-htaccess
14. Require Password For 1 File
| AuthUserFile /home/askapache.com/.htpasswd |
15. Protect Multiple Files
| <FilesMatch "^(exec|env|doit|phpinfo|w)\.*$" > |
Source: http://www.angelmonticelli.com.ar/2010/03/ultimate-htaccess-code-snippets/
16. Compress Text Files
| <filesMatch "\.(css|js|x?html?|php)$" > |
17. Expire Headers
| ExpiresDefault "access plus 1 seconds" |
| ExpiresByType image/x-icon "access plus 2592000 seconds" |
| ExpiresByType image/jpeg "access plus 2592000 seconds" |
| ExpiresByType image/png "access plus 2592000 seconds" |
| ExpiresByType image/gif "access plus 2592000 seconds" |
| ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds" |
| ExpiresByType text/css "access plus 604800 seconds" |
| ExpiresByType text/javascript "access plus 216000 seconds" |
| ExpiresByType application/javascript "access plus 216000 seconds" |
| ExpiresByType application/x-javascript "access plus 216000 seconds" |
| ExpiresByType text/html "access plus 600 seconds" |
| ExpiresByType application/xhtml+xml "access plus 600 seconds" |
18. Cache-Control Headers
| <filesMatch "\.(ico|jpe?g|png|gif|swf)$" > |
| Header set Cache-Control "max-age=2592000, public" |
| Header set Cache-Control "max-age=604800, public" |
| Header set Cache-Control "max-age=216000, private" |
| <filesMatch "\.(x?html?|php)$" > |
| Header set Cache-Control "max-age=600, private, must-revalidate" |
19. Turn ETags Off
20. Remove Last-Modified Header
| Header unset Last-Modified |
Source: http://www.samaxes.com/2009/01/more-on-compressing-and-caching-your-site-with-htaccess/
21. Banning A WordPress Spammer With .Htaccess
Source: The easiest way to ban a WordPress spammer
22. How To: Deny Comment Posting To No Referrer Requests
| RewriteCond %{REQUEST_METHOD} POST |
| RewriteCond %{REQUEST_URI} .wp-comments-post\.php* |
| RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR] |
| RewriteCond %{HTTP_USER_AGENT} ^$ |
| RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L] |
23. Redirect Www To Non Www Or Vice Versa
| # www to non-www |
| RewriteCond %{HTTP_HOST} ^www.yourblogname.com [NC] |
| RewriteRule ^(.*)$ http://yourblogname.com/$1 [L,R=301] |
| # or: non-www to www (use only one of the two, both together loop) |
| RewriteCond %{HTTP_HOST} ^yourblogname.com [NC] |
| RewriteRule ^(.*)$ http://www.yourblogname.com/$1 [L,R=301] |
Source: http://www.webanddesigners.com/20-htaccess-hacks-to-prevent-your-wordpress-site-from-hacking/
24. Block Referring Domains
| RewriteCond %{HTTP_REFERER} digg\.com [NC] |
25. Redirect Visitors To A Maintenance Page
| RewriteCond %{REQUEST_URI} !/maintenance.html$ |
| RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123 |
| RewriteRule $ /maintenance.html [R=302,L] |
Source: Comment faire une page d’accueil pour les internautes
26. Allow Only Your IP Address On The Wp-Admin Directory
| AuthName "Example Access Control" |
Source: Protecting the WordPress wp-admin folder
27. Password-Protect Single File
| AuthUserFile /home/path/.htpasswd |
28. Password-Protect Multiple Files
| <FilesMatch "^(execute|index|secure|insanity|biscuit)*$" > |
| AuthUserFile /home/path/.htpasswd |
29. Redirect Any Request For Anything From Spamsite To Differentspamsite
| RewriteCond %{HTTP_REFERER} ^http://.*spamsite.*$ [NC] |
| RewriteRule .* http://www.differentspamsite.com [R] |
Redirect All Requests From Spamsite To An Image Of Something At Differentspamsite
| RewriteCond %{HTTP_REFERER} ^http://.*spamsite.*$ [NC] |
| RewriteRule .* http://www.differentspamsite/something.jpg [R] |
Redirect Traffic From A Certain Address Or Range Of Addresses To Another Site
| RewriteCond %{REMOTE_ADDR} ^192\.168\.10\. |
| RewriteRule .* http://www.differentspamsite.com/index.html [R] |
Source: http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
30. Speed Up Your Site With .Htaccess Caching
| <FilesMatch "\.(ico|pdf|flv)$" > |
| Header set Cache-Control "max-age=29030400, public" |
| <FilesMatch "\.(jpg|jpeg|png|gif|swf)$" > |
| Header set Cache-Control "max-age=604800, public" |
| <FilesMatch "\.(xml|txt|css|js)$" > |
| Header set Cache-Control "max-age=172800, proxy-revalidate" |
| <FilesMatch "\.(html|htm|php)$" > |
| Header set Cache-Control "max-age=60, private, proxy-revalidate" |
Source: http://www.askapache.com/htaccess/speed-up-sites-with-htaccess-caching.html
31. Redirect All WordPress Feeds To Feedburner
| RedirectMatch 301 /feed/(atom|rdf|rss|rss2)/?$ http://feedburner.com/yourfeed/ |
| RedirectMatch 301 /comments/feed/(atom|rdf|rss|rss2)/?$ http://feedburner.com/yourfeed/ |
Source: http://www.wprecipes.com/how-to-redirect-wordpress-rss-feeds-to-feedburner-with-htaccess
32. Stop Spam On Your WordPress Blog
| RewriteCond %{REQUEST_METHOD} POST |
| RewriteCond %{REQUEST_URI} .wp-comments-post\.php* |
| RewriteCond %{HTTP_REFERER} !.*yourdomainname.* [OR] |
| RewriteCond %{HTTP_USER_AGENT} ^$ |
| RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L] |
Source: http://www.wprecipes.com/reduce-spam-on-your-wordpress-blog-by-using-htaccess
33. Deny Access To Your Wp-Config.Php File
34. Securing The .Htaccess
| <Files ~ "^.*\.([Hh][Tt][Aa])" > |
Source: http://www.onextrapixel.com/2011/11/03/unleashing-htaccess-for-wordpress/
Warning:
.htaccess files can do more harm than good if used incorrectly. You should always be careful when modifying your htaccess file: even a minor typographical error can make your site unusable!
So, be sure to keep the original working .htaccess as backup just in case you need to revert to original settings.
Thanks for the list!
Great & helpful .htaccess tutorial.
I have created http://www.example.com/profile.php?id=2 to http://www.example.com/username using .htaccess rewrite rule. Thanks for sharing these tricks again.