    Most useful .htaccess Tricks for WordPress

    If you have been using WordPress for a while, you are bound to have come across the .htaccess file. It is a configuration file for web servers; to be more precise, for web servers powered by Apache. It is a powerful file: you can use it to enhance your site’s performance and harden its security. In this article, we share our collection of the most useful .htaccess tricks for WordPress.

    Getting started

    Before you apply any of these useful .htaccess tricks for WordPress, make sure to create a backup of your .htaccess file. This will ensure that you can revert your changes if something goes wrong. Use an FTP client or your cPanel file manager. The .htaccess file is located in the WordPress root installation directory.

    If you can’t find the .htaccess file, then make sure that hidden files are visible. If you still can’t find it, then create a new text file and upload it to your root directory. Once uploaded, rename it to .htaccess and you are good to go.

    Protect .htaccess From Unauthorized Access

    The first of our most useful .htaccess tricks for WordPress is how to protect the .htaccess file itself, how obvious! As the .htaccess file is so powerful, it is best to restrict anyone from editing this file. There’s no point doing all the hard work and letting someone else ruin it all. Add the following to your .htaccess file to deny all web requests for it, so it cannot be viewed or tampered with through the browser.

    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>

    Protecting WordPress Admin Area

    The admin area should only be accessible to those who actually need it. This is easily done. Just copy and paste the following code into a .htaccess file in your WordPress admin area (the wp-admin directory).

    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "WordPress Admin Access Control"
    AuthType Basic
    order deny,allow
    deny from all
    allow from xx.xx.xx.xx

    Replace xx.xx.xx.xx with your IP address. A free site like whatismyip.com will help you find your IP address. If you want access to your admin area from multiple IP addresses, simply add another "allow from xx.xx.xx.xx" line with the other IP address.

    Protect WordPress configuration wp-config.php file

    The single most important configuration file is the wp-config.php file. It stores all database authentication info. Add the following code snippet to your .htaccess file to prevent unauthorized access to the wp-config.php file.

    <Files wp-config.php>
    order deny,allow
    Deny from all
    </Files>

    Protect php.ini file

    Another important file, php.ini, is accessible to the world. A hacker can look at your PHP configuration and exploit it. Prevent access to your php.ini file by adding the following code snippet to your .htaccess file:

    <Files php.ini>
    Order deny,allow
    Deny from All
    </Files>

    Ban someone from your website

    If you notice suspicious activity from an IP address, you can ban it using the following code snippet in your .htaccess file:

    order allow,deny
    deny from xx.xx.xx.xx
    allow from all

    Prevent directory content from getting displayed

    The contents of your web server's directories should never be visible to any unauthorized person. You should always disable directory index listings. Add the code snippet below to your .htaccess file:

    # Turn off directory listings only; "All" would also switch on every other option
    Options -Indexes

    Disable PHP execution in WordPress wp-includes directory

    PHP files inside the wp-includes directory are not meant to be accessed directly. Enhance the security of your WordPress site by disabling access to these PHP files. Create a .htaccess file inside the wp-includes directory and paste the following code:

    <Files *.php>
    deny from all
    </Files>
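
    The file-protection, admin allowlist and IP ban rules above use Apache 2.2 directives (Order/Allow/Deny), which Apache 2.4 only honors through mod_access_compat. The following added example, not part of the original article, shows the same rules with Apache 2.4's Require directives and a 2.2 fallback; the IP addresses are placeholders from documentation ranges.

```apache
# Added example: Apache 2.4 (mod_authz_core) forms of the access rules,
# with an Apache 2.2 fallback. All IP addresses are placeholders.

# --- site root .htaccess ---------------------------------------------------
# One block for the three sensitive files instead of three <Files> sections.
<FilesMatch "^(\.htaccess|wp-config\.php|php\.ini)$">
    <IfModule mod_authz_core.c>
        # Apache 2.4+
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>

# Ban one address and allow everyone else (2.4 syntax).
# A negated Require must sit inside <RequireAll>.
<IfModule mod_authz_core.c>
    <RequireAll>
        Require all granted
        Require not ip 203.0.113.45
    </RequireAll>
</IfModule>

# --- wp-admin/.htaccess ----------------------------------------------------
# Allow only the listed addresses; add one "Require ip" line per address
# or CIDR range. Several Require lines are OR-ed together.
<IfModule mod_authz_core.c>
    Require ip 198.51.100.7
    Require ip 2001:db8::/32
</IfModule>

# --- wp-includes/.htaccess -------------------------------------------------
<IfModule mod_authz_core.c>
    <FilesMatch "\.php$">
        Require all denied
    </FilesMatch>
</IfModule>
```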

    Disable image hotlinking

    If you are running a huge website with lots of images, other users might hog your bandwidth by hotlinking to your content. This can slow down your website in addition to increasing your bandwidth consumption. The following code snippet will stop others from hotlinking your content:

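    RewriteEngine on
    # Let requests with an empty Referer through (direct visits, privacy tools)
    RewriteCond %{HTTP_REFERER} !^$
    # Allowed referrers: dots are escaped and the host name must end at "/" or end of string
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com(/|$) [NC]
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?google\.com(/|$) [NC]
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?feeds\.feedburner\.com/layerpoint [NC]
    # Everything else asking for an image gets 403 Forbidden
    RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]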

    Speed up your WordPress site by enabling gzip compression

    Enabling gzip compression will force the server to compress the contents before sending them to the user. This will considerably speed up your website loading time. Add the following to your .htaccess file:

    <IfModule mod_deflate.c>
    <IfModule mod_mime.c>
    AddOutputFilter DEFLATE js css htm html xml
    </IfModule>
    </IfModule>

    Search engine friendly redirects for your WordPress site

    This is one of the most useful .htaccess tricks. 301 redirects are SEO friendly and ensure that both users and search engines are safely redirected to the new location.

    Redirect 301 /oldurl/ http://www.domain.com/newurl

    That’s all for our collection of most useful .htaccess tricks for WordPress. We hope you found something useful. Check out our blog for more useful tips and articles.
