27 WordPress Htaccess Tips for Better Security and Performance

htaccess file, Security, Wordpress
For Detail htaccess file Usages and how to create it, please check htaccess file knowledge base  Millions of WordPress users use the .htaccess file to protect their websites from spammers, hackers, other known threats and increase their WordPress Website Performance. I will list some Useful Tips of  htaccess file used for WordPress Security and Performance. Normally your control panel can install a WordPress website easily by just several click and configuration. After  you have installed Wordpress and configured  your website’s permalink settings to meet the requirement of SEO, your htaccess file will be installed in your root folder. When you change https://domain.powerhoster.com/sample-post/ instead of https://domain.powerhoster.com/?p=123, your htaccess file will look like: # BEGIN WordPress RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L]…
Read More

Redirect by Php

Programming
Under PHP you need to use header() to send a raw HTTP header. Using headers()method, you can easily transferred to the new page without having to click a link to continue. This is also useful for search engines. Change the code on the redirect page to be: <?php header( 'Location: http://www.powerhoster.com' ) ; ?> You need to replace the URL above with the URL you wish to direct to. Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP. It is a very common error to read code with include(), or require(), functions, or another file access function, and have spaces or empty lines that are output before header() is called. The same problem exists when…
Read More

How to Instruct Browser to Download Media Files Instead of Display Them Using htaccess file

htaccess file
Here is a useful method for delivering multimedia file downloads to your users. Typically, browsers will attempt to play or stream such files when direct links are clicked. With this method, provide a link to a multimedia file and a dialogue box will provide users the choice of saving the file or opening it. Here are a few htaccess rules demonstrating the technique (edit file types according to your specific needs): AddType application/octet-stream .zip .mp3 .mp4 .avi .mpg .wmv This tells the Apache Web Server to treat .zip, .mp3,  .mp4, .avi, .mpg, .wmv files as downloadable, and should be used instead of specifying them as audio/video/zip files in your MIME types section.
Read More

How to Prevent Requests with Invalid Characters Using htaccess file

htaccess file
You can use Mod_Rewrite to deny requests containing invalid characters, RewriteEngine On RewriteBase / RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ [a-zA-Z0-9\.\+_/\-\?\=\&]+\ HTTP/ [NC] RewriteRule .* - [F,NS,L] You can also Employ Basic URL Spelling Check to auto-correct simple spelling errors in the URL. # automatically corect simple speling erors <IfModule mod_speling.c>  CheckSpelling On </IfModule>
Read More

How to Specify File Size Limit and Max Execution Time Limit for PHP using htaccess file

htaccess file
php_value upload_max_filesize 20M php_value post_max_size 20M php_value max_execution_time 200 php_value max_input_time 200 In the above .htaccess file, uploading capability is increased by the four parameter first one is maximum file size for uploading, second one is maximum size of the post data , third one is maximum time in seconds a script is allowed to run before it is terminated by the parser and last one is maximum time in seconds a script is allowed to parse input data such as like file uploads, POST and GET data. After you upload your above codes in your htaccess file. You can create a phpinfo file, and you will find the max upload file size and max execution time is changed.
Read More

How to Implement a Caching Scheme with htaccess file

htaccess file
You can cache the static files and improve your website’s performance. File caching is another famous approach in optimizing website loading time. Search engine will rank your website higher if your website response time is faster. Almost all website especially wordpress websites are caching their static files: <FilesMatch ".(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf)$"> Header set Cache-Control "max-age=2592000" # year <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf|mp3|mp4)$"> Header set Cache-Control "public" Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT" Header unset Last-Modified #2 hours <FilesMatch "\.(html|htm|xml|txt|xsl)$"> Header set Cache-Control "max-age=7200, must-revalidate" <FilesMatch "\.(js|css)$"> SetOutputFilter DEFLATE Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT" Disable caching for certain file type Well, in the other hand, you can disable caching for certain file type. # explicitly disable caching for scripts and other dynamic files <FilesMatch ".(pl|php|cgi|spl|scgi|fcgi)$"> Header unset Cache-Control
Read More

How to Prevent Access to Your php.ini file or any other risky files by htaccess file

htaccess file
If you run the risk of someone accessing your php.ini  file directly through their browsers, you can limit access to them using htaccess file. Put following lines in your .htaccess file: <Files php.ini> Order allow,deny Deny from all </Files> If you want to prevent the risk access to your other files such as your htacess, htpasswd, ini, phps, fla, psd, log, sh files, you can also put following lines into your htaccess file: <filesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$"> Order Allow,Deny Deny from all </filesMatch>
Read More