“A .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration.” (From Wikipedia) A .htaccess file only affects the folder in which it resides and all the folders inside it. The .htaccess file is very useful and allows you to do a lot of things… Here’s my list of the most popular .htaccess code snippets that can be added to your .htaccess file. I hope you find them as useful as I do.
.Htaccess Code Snippets, Examples, Tips And Tricks
01. Protect WordPress Blog From Script Injections
    Options +FollowSymLinks
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteRule ^(.*)$ index.php [F,L]
02. Prevent Hotlinking
    RewriteEngine On
    #Replace ?mysite\.com/ with your blog url
    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    #Replace /images/nohotlink.jpg with your "don't hotlink" image url
    RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]
03. Configure Your Website For HTML5 Videos
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !=/favicon.ico
    AddType video/ogg .ogv
    AddType video/ogg .ogg
    AddType video/mp4 .mp4
    AddType video/webm .webm
    AddType application/x-shockwave-flash swf
04. Use Browser Caching To Improve Blog Speed
    ExpiresActive On
    ExpiresByType image/jpg "access 1 year"
    ExpiresByType image/jpeg "access 1 year"
    ExpiresByType image/gif "access 1 year"
    ExpiresByType image/png "access 1 year"
    ExpiresByType text/css "access 1 month"
    ExpiresByType application/pdf "access 1 month"
    ExpiresByType text/x-javascript "access 1 month"
    ExpiresByType application/x-shockwave-flash "access 1 month"
    ExpiresByType image/x-icon "access 1 year"
    ExpiresDefault "access 2 days"
05. Blacklist Undesired Users And Bots IP Addresses
    # The values below are placeholders; replace them with the addresses to block
    order allow,deny
    allow from all
    deny from 123.456.789
    deny from 93.121.788
    deny from 223.956.789
    deny from 128.456.780
06. Redirect Hotlinkers
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(subdomain\.)?domain\.tld/.*$ [NC]
    RewriteRule ^.*\.(bmp|tif|gif|jpg|jpeg|jpe|png)$ http://google.com [R]
07. Force Trailing Slash
    RewriteCond %{REQUEST_URI} /+[^\.]+$
    RewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L]
08. Remove File Extensions From Urls
    RewriteEngine on
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME}\.html -f
    RewriteRule ^(.*)$ $1.html
    # Replace html with your file extension, eg: php, htm, asp
09. If You Want To Cover Both Http And Https
    # Redirect www to non-www, keeping the request's scheme (http or https)
    Options +FollowSymlinks
    RewriteEngine On
    RewriteCond %{HTTP_HOST}//s%{HTTPS} ^www\.(.*)//((s)on|s.*)$ [NC]
    RewriteRule ^ http%3://%1%{REQUEST_URI} [L,R=301]
10. Create Custom Error Pages
    ErrorDocument 400 /errors/badrequest.html
    ErrorDocument 401 /errors/authreqd.html
    ErrorDocument 403 /errors/forbid.html
    ErrorDocument 404 /errors/notfound.html
    ErrorDocument 500 /errors/serverr.html
11. Log PHP Errors
    # display no errs to user
    php_flag display_startup_errors off
    php_flag display_errors off
    php_flag html_errors off
    # log to file
    php_flag log_errors on
    php_value error_log /location/to/php_error.log
12. Redirect WordPress Feeds To FeedBurner
    # temp redirect wordpress content feeds to feedburner
    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} !FeedBurner [NC]
    RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC]
    RewriteRule ^feed/?([_0-9a-z-]+)?/?$ http://feeds.feedburner.com/webanddesigners [R=302,NC,L]
13. Force Download Of Specific Files
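    # As written these directives apply to every file in the directory; wrap each
    # pair in a <Files> or <FilesMatch> section to limit it to specific files.
    ForceType application/octet-stream
    Header set Content-Disposition attachment

    ForceType application/octet-stream
    Header set Content-Disposition attachment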
14. Require Password For 1 File
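    # As written this protects the whole directory; wrap it in a <Files> section
    # naming the file to limit it to a single file.
    AuthName "Prompt"
    AuthType Basic
    AuthUserFile /home/askapache.com/.htpasswd
    Require valid-user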
15. Protect Multiple Files
    <FilesMatch "^(exec|env|doit|phpinfo|w)\.*$">
        AuthName "Development"
        AuthUserFile /.htpasswd
        AuthType basic
        Require valid-user
    </FilesMatch>
16. Compress Text Files
    <FilesMatch "\.(css|js|x?html?|php)$">
        SetOutputFilter DEFLATE
    </FilesMatch>
17. Expire Headers
    ExpiresActive On
    ExpiresDefault "access plus 1 seconds"
    ExpiresByType image/x-icon "access plus 2592000 seconds"
    ExpiresByType image/jpeg "access plus 2592000 seconds"
    ExpiresByType image/png "access plus 2592000 seconds"
    ExpiresByType image/gif "access plus 2592000 seconds"
    ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds"
    ExpiresByType text/css "access plus 604800 seconds"
    ExpiresByType text/javascript "access plus 216000 seconds"
    ExpiresByType application/javascript "access plus 216000 seconds"
    ExpiresByType application/x-javascript "access plus 216000 seconds"
    ExpiresByType text/html "access plus 600 seconds"
    ExpiresByType application/xhtml+xml "access plus 600 seconds"
18. Cache-Control Headers
    <FilesMatch "\.(ico|jpe?g|png|gif|swf)$">
        Header set Cache-Control "max-age=2592000, public"
    </FilesMatch>

    <FilesMatch "\.(css)$">
        Header set Cache-Control "max-age=604800, public"
    </FilesMatch>

    <FilesMatch "\.(js)$">
        Header set Cache-Control "max-age=216000, private"
    </FilesMatch>

    <FilesMatch "\.(x?html?|php)$">
        Header set Cache-Control "max-age=600, private, must-revalidate"
    </FilesMatch>
19. Turn ETags Off
    Header unset ETag
    FileETag None
20. Remove Last-Modified Header
    Header unset Last-Modified
21. Banning A WordPress Spammer With .Htaccess
    order allow,deny
    deny from 200.49.176.139
    allow from all
22. How To: Deny Comment Posting To No Referrer Requests
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
    RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    # The substitution is a plain URL, not a regex, so it takes no ^ or $ anchors
    RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]
23. Redirect Www To Non Www Or Vice Versa
    # Option 1: redirect www to non-www
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_HOST} ^www\.yourblogname\.com [NC]
    RewriteRule ^(.*)$ http://yourblogname.com/$1 [L,R=301]

    # Option 2: redirect non-www to www (use one option only; both together loop)
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_HOST} ^yourblogname\.com [NC]
    RewriteRule ^(.*)$ http://www.yourblogname.com/$1 [L,R=301]
24. Block Referring Domains
    #block referring domains
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} digg\.com [NC]
    RewriteRule .* - [F]
25. Redirect Visitors To A Maintenance Page
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !/maintenance.html$
    RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123
    RewriteRule $ /maintenance.html [R=302,L]
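26. Allow Only Your IP Address On The Wp-Admin Directory
    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "Example Access Control"
    AuthType Basic
    # deny,allow evaluates the allow line last, so the listed address gets through;
    # with allow,deny the "deny from all" would win and block everyone
    order deny,allow
    deny from all
    # Replace xx.xx.xx.xx with your own IP address
    allow from xx.xx.xx.xx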
27. Password-Protect Single File
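    # As written this protects the whole directory; wrap it in a <Files> section
    # naming the file to limit it to a single file.
    AuthType Basic
    AuthName "Prompt"
    AuthUserFile /home/path/.htpasswd
    Require valid-user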
28. Password-Protect Multiple Files
    <FilesMatch "^(execute|index|secure|insanity|biscuit)*$">
        AuthType basic
        AuthName "Development"
        AuthUserFile /home/path/.htpasswd
        Require valid-user
    </FilesMatch>
29. Redirect Any Request For Anything From Spamsite To Differentspamsite
    RewriteCond %{HTTP_REFERER} ^http://.*spamsite.*$ [NC]
    RewriteRule .* http://www.differentspamsite.com [R]

    # Redirect All Requests From Spamsite To An Image Of Something At Differentspamsite
    RewriteCond %{HTTP_REFERER} ^http://.*spamsite.*$ [NC]
    RewriteRule .* http://www.differentspamsite/something.jpg [R]

    # Redirect Traffic From A Certain Address Or Range Of Addresses To Another Site
    # (anchored, with escaped dots, so only 192.168.10.x matches)
    RewriteCond %{REMOTE_ADDR} ^192\.168\.10\.
    RewriteRule .* http://www.differentspamsite.com/index.html [R]
30. Speed Up Your Site With .Htaccess Caching
    # 1 YEAR
    <FilesMatch "\.(ico|pdf|flv)$">
        Header set Cache-Control "max-age=29030400, public"
    </FilesMatch>

    # 1 WEEK
    <FilesMatch "\.(jpg|jpeg|png|gif|swf)$">
        Header set Cache-Control "max-age=604800, public"
    </FilesMatch>

    # 2 DAYS
    <FilesMatch "\.(xml|txt|css|js)$">
        Header set Cache-Control "max-age=172800, proxy-revalidate"
    </FilesMatch>

    # 1 MIN
    <FilesMatch "\.(html|htm|php)$">
        Header set Cache-Control "max-age=60, private, proxy-revalidate"
    </FilesMatch>
31. Redirect All WordPress Feeds To Feedburner
    RedirectMatch 301 /feed/(atom|rdf|rss|rss2)/?$ http://feedburner.com/yourfeed/
    RedirectMatch 301 /comments/feed/(atom|rdf|rss|rss2)/?$ http://feedburner.com/yourfeed/
32. Stop Spam On Your WordPress Blog
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
    RewriteCond %{HTTP_REFERER} !.*yourdomainname.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    # The substitution is a plain URL, not a regex, so it takes no ^ or $ anchors
    RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]
33. Deny Access To Your Wp-Config.Php File
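    # protect wp-config.php
    # The <Files> section limits the deny to this one file; without it the
    # directives would block the whole directory.
    <Files wp-config.php>
        order allow,deny
        deny from all
    </Files>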
34. Securing The .Htaccess
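    # The <Files> section limits the deny to .htaccess itself; without it the
    # directives would block the whole directory.
    <Files .htaccess>
        order allow,deny
        deny from all
        satisfy all
    </Files>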
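The access-control snippets above (05, 21, 26, 33 and 34) use the Apache 2.2 order/allow/deny directives, which Apache 2.4 only accepts through mod_access_compat. The block below is an added example, not part of the original list, showing the same rules in Apache 2.4's Require syntax (mod_authz_core); it assumes AllowOverride permits AuthConfig, and the IP addresses are documentation placeholders.

```apache
# Apache 2.4 equivalents of the order/allow/deny snippets (added example).

# 33. Deny access to wp-config.php
<Files "wp-config.php">
    Require all denied
</Files>

# 34. Deny access to .htaccess and other .ht* files such as .htpasswd
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# 26. Allow only one address; goes in wp-admin/.htaccess.
# 203.0.113.10 is a placeholder, replace it with your own address.
Require ip 203.0.113.10

# 05 / 21. Block listed addresses and allow everyone else.
# A negated Require is only valid inside <RequireAll>, and the
# section needs at least one positive Require to grant access.
<RequireAll>
    Require all granted
    Require not ip 198.51.100.7
    Require not ip 192.0.2.0/24
</RequireAll>
```

Use either the 2.2 or the 2.4 form for a given resource, not both, since mixing the old and new directives produces results that are hard to reason about.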