Tips on .htaccess and its configuration for WordPress

Many people ask questions about this file, and I hope this article will help you. The .htaccess file is a per-directory configuration file for the Apache web server: the directives it contains apply to the directory it sits in and to all of its subdirectories.
Most WordPress users first encounter this file when they customize the appearance of their permalinks. To get those nice links that we all know and love (for example, http://www.site.com/sample-post/ instead of http://www.site.com/?p=123), WordPress needs rules like these in the .htaccess file:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# Existing files and directories are served as they are ...
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# ... every other request is handed to WordPress
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Nowadays you rarely have to write this yourself: WordPress generates the block when you save the permalink settings in the admin panel (Settings → Permalinks), provided it can write to the file.
If you don't have a .htaccess file at all, create it yourself and upload it to the server. Create a blank file, name it .htaccess and upload it to the root directory of your WordPress installation. Don't forget the period at the beginning of the name (the file is .htaccess, not htaccess). The file also has to be writable by the web server, otherwise WordPress cannot add the permalink rules to it. WordPress.org recommends permissions of 644 for the .htaccess file (owner read and write, everyone else read-only), which is enough when the web server runs as the file's owner.
The .htaccess file is used for more than permalinks. It is probably best known as a way to harden a website, and in this article you will find snippets that improve site security, plus some other useful tips.
You may have noticed that the permalink example above starts with # BEGIN WordPress and ends with # END WordPress. WordPress overwrites everything between these markers whenever it regenerates the permalink rules, so place the snippets from this article outside them: either at the top of your .htaccess file (before # BEGIN WordPress, where they are processed first) or at the bottom (after # END WordPress).
Be careful!
.htaccess is a rather capricious file: one wrong character and the entire site stops responding (Apache answers every request with a 500 error). So copy the snippets from this article exactly as they are given. Before you start working with your .htaccess file, make a copy of the latest working version and keep it in a safe place. After uploading a new version to the server, reload the site to check that it still works. If you see a white screen or an error page instead of the site, put the saved copy back in place of the version that caused the error.
If you can't find your copy, replace the file's contents with the default permalink block shown above, or delete the file and re-save the permalink settings so that WordPress recreates it. Don't tempt fate: always keep a fresh backup at hand.
1. Secure .htaccess
Since .htaccess gives you so much control over folders and files, it's important to hide it from prying eyes. The snippet below denies HTTP requests for any file whose name contains .hta (so .htaccess and .htpasswd alike); the file stays readable for Apache itself and for you over FTP. Apache's default configuration already contains the same rule, so this is a safety net for hosts that removed it. Note that this and the following snippets use the Apache 2.2 access-control syntax (Order, Allow from, Deny from); on Apache 2.4 they only work while mod_access_compat is loaded, and the native equivalents are Require all denied and Require ip followed by the address.
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>
2. Secure WP-Config.php
Another important file is wp-config.php: it contains the credentials for the WordPress database and the security keys and salts, so it must not be reachable from outside. Normally Apache executes it as PHP rather than serving its source, but if PHP is ever misconfigured the file would be served as plain text, and this rule keeps that from becoming a disaster.
<files wp-config.php>
order allow,deny
deny from all
</files>
3. Protect /Wp-Content/
The wp-content directory is one of the most important areas of your WordPress site. This is where themes, plugins, uploaded media files and cache files are stored, and it is where hackers want to get to.
You can stop the web server from serving anything in this directory other than the static file types a visitor actually needs by creating a separate .htaccess and adding this code there:
# Deny everything by default ...
Order deny,allow
Deny from all
# ... then allow the static file types that pages need (extend the list to
# match what your themes and uploads actually use, e.g. fonts and video)
<Files ~ "\.(xml|css|jpe?g|png|gif|webp|ico|js|woff2?|ttf|pdf|mp4|mp3)$">
Allow from all
</Files>
Upload this separate .htaccess file to your wp-content directory, for example www.yourwebsite.com/wp-content/. From then on a direct request for a file under wp-content is answered only if the name ends in one of the listed extensions; a request for anything else, in particular a .php file, gets a 403. This is what matters for security: if an attacker manages to drop a PHP web shell into wp-content/uploads/, the server refuses to execute it when its URL is requested. Nothing is deleted and uploads through the media library are not affected; the rule only controls what Apache will serve. A few plugins do call their own PHP files in wp-content directly from the front end; if one breaks, add a <Files> exception for that single file rather than removing the rule.
4. Block files not intended for users
You can forbid direct requests for certain files by adding this code to the root .htaccess (outside the # BEGIN WordPress block). The [F] flag answers with 403 Forbidden; the [S=3] line skips the next three rules for any request that is not under wp-includes/, so they only cost time when they can apply. Everything under wp-admin/includes/ and the PHP files directly under wp-includes/ are library code that is never meant to be requested by a browser, only included by other scripts. One caveat: on a multisite installation, remove the line that blocks wp-includes/[^/]+\.php, because older multisite setups serve uploaded media through wp-includes/ms-files.php.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
5. Restrict access to the admin area
Hackers dream of gaining access to this area, since once they have it they can do anything they want with your site. To restrict it to your own address, create a new .htaccess file and add the code below.
# Only the listed address may open anything under /wp-admin/
Order deny,allow
Deny from all
Allow from 12.34.56.78
# admin-ajax.php is called from the front end by many plugins,
# also for visitors who are not logged in, so it must stay reachable
<Files admin-ajax.php>
Order allow,deny
Allow from all
</Files>
Don't forget to change 12.34.56.78 to your own IP address (you can find your IP at What Is My IP?). Then upload the file to the /wp-admin/ folder of your site, for example www.yoursite.com/wp-admin/.
Now only you can reach the WordPress admin area; everyone else gets a 403. Do not wrap these directives in <Limit GET POST PUT> as some guides suggest: Limit applies the directives only to the listed methods, so a request sent with, say, OPTIONS would pass straight through. Without the wrapper the restriction covers every method. Two more caveats: the login form (wp-login.php) lives in the site root, not in /wp-admin/, so this does not stop password guessing against it; and if your provider assigns you a changing IP address you will lock yourself out and have to edit the file over FTP. You can also add addresses for other admins and team members, either on additional Allow lines or on a single line separated by spaces (not commas):
Allow from 12.34.56.78 98.76.54.32 19.82.73.64
6. Ban your haters
If you know the IP address of an ill-wisher, then using the snippet below you can ban them for good. (203.0.113.5 and 198.51.100.7 are placeholders from the documentation address ranges; replace them with the real addresses, and make sure every octet is between 0 and 255, or Apache will reject the file. A whole range can be denied with CIDR notation such as 203.0.113.0/24.) Again, leave out any <Limit> wrapper so that the ban covers every request method, and remember that a determined attacker simply switches to another address, so treat this as a nuisance filter rather than a security boundary.
Order allow,deny
Deny from 203.0.113.5
Deny from 198.51.100.7
Allow from all
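The two snippets above both depend on how Apache evaluates Order, Allow from and Deny from, and on whether the directives are wrapped in a <Limit> section. The Python below is an added example, not code from the original article: it models that evaluation (the Apache 2.2 rules, which mod_access_compat keeps on 2.4) and runs the wp-admin restriction, the ban list and a common mis-ordering through it. AccessRule, is_allowed and demo are names invented for the example, and 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges used as sample addresses.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Added example: a small model of Apache 2.2 access control (Order /
# Allow from / Deny from), kept on 2.4 by mod_access_compat. Names below
# (AccessRule, is_allowed, demo) are invented for this example.


@dataclass
class AccessRule:
    order: str                                      # "deny,allow" or "allow,deny"
    allow: List[str] = field(default_factory=list)  # "all", an address or a CIDR
    deny: List[str] = field(default_factory=list)
    limit_methods: Optional[Set[str]] = None        # None: directives were not inside <Limit>


def _matches(spec: str, client_ip: str) -> bool:
    """Does one 'from' operand cover the client address?"""
    if spec.lower() == "all":
        return True
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)


def is_allowed(rule: AccessRule, client_ip: str, method: str = "GET") -> bool:
    """Apache's verdict for one request under one set of directives."""
    method = method.upper()
    if method == "HEAD":
        method = "GET"  # a GET limit covers HEAD as well
    if rule.limit_methods is not None and method not in rule.limit_methods:
        # Directives inside <Limit> do not apply to other methods at all,
        # so nothing denies the request and it is served.
        return True
    hit_allow = any(_matches(s, client_ip) for s in rule.allow)
    hit_deny = any(_matches(s, client_ip) for s in rule.deny)
    if rule.order == "allow,deny":
        # Allow is evaluated first, then Deny overrides; no match at all = denied
        return hit_allow and not hit_deny
    if rule.order == "deny,allow":
        # Deny first, then Allow overrides; no match at all = allowed
        return hit_allow or not hit_deny
    raise ValueError("unknown Order: " + rule.order)


# Section 5 as often written: the directives wrapped in <Limit GET POST PUT>
ADMIN_LIMITED = AccessRule("deny,allow", allow=["12.34.56.78"], deny=["all"],
                           limit_methods={"GET", "POST", "PUT"})
# The same directives without <Limit>: they now cover every method
ADMIN = AccessRule("deny,allow", allow=["12.34.56.78"], deny=["all"])
# Section 6: ban two addresses (documentation-range placeholders), allow the rest
BAN = AccessRule("allow,deny", allow=["all"], deny=["203.0.113.5", "198.51.100.7"])
# A common mistake: the section 5 directives with the Order reversed
ADMIN_WRONG_ORDER = AccessRule("allow,deny", allow=["12.34.56.78"], deny=["all"])


def demo() -> dict:
    """Constructed requests run through the four rule sets."""
    return {
        "admin_owner_get": is_allowed(ADMIN_LIMITED, "12.34.56.78"),
        "admin_stranger_get": is_allowed(ADMIN_LIMITED, "198.51.100.9"),
        "admin_stranger_head": is_allowed(ADMIN_LIMITED, "198.51.100.9", "HEAD"),
        # the <Limit> gap: OPTIONS (or DELETE, PATCH ...) is not covered
        "admin_stranger_options": is_allowed(ADMIN_LIMITED, "198.51.100.9", "OPTIONS"),
        "admin_nolimit_stranger_options": is_allowed(ADMIN, "198.51.100.9", "OPTIONS"),
        "ban_target": is_allowed(BAN, "203.0.113.5"),
        "ban_neighbour": is_allowed(BAN, "203.0.113.6"),
        # reversed Order: 'Deny from all' is evaluated last and wins, so the
        # owner is locked out together with everyone else
        "wrong_order_owner": is_allowed(ADMIN_WRONG_ORDER, "12.34.56.78"),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print("%-32s %s" % (name, "allowed" if verdict else "DENIED"))
```

Run it with python3; the two verdicts worth staring at are admin_stranger_options (allowed, because <Limit> never covered that method) and wrong_order_owner (denied, because with Order allow,deny the final Deny from all wins over the owner's Allow).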
7. Redirect visitors to a maintenance page
Plugins such as Maintenance Mode are handy when you need to display a temporary notice that the site is being worked on while you change something or update the engine. But these plugins are useless in the case of the WordPress White Screen of Death, because they are PHP themselves. So if you want to prepare for the worst, create a basic HTML page called maintenance.html that tells the visitor the site is currently experiencing problems and will be back online soon. Apache processes .htaccess before PHP is even started, so the redirect below keeps working when WordPress itself does not. In case of a white screen, add this snippet to your .htaccess file above the # BEGIN WordPress block:
RewriteEngine on
# Never redirect the maintenance page itself, or the rule would loop
RewriteCond %{REQUEST_URI} !^/maintenance\.html$
# Let your own address through so that you can keep working on the site
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
RewriteRule ^.*$ /maintenance.html [R=302,L]
Edit the code to suit your site: change the name and location of the HTML file in the first RewriteCond and in the RewriteRule, and put your own IP address in the second RewriteCond so that you keep access to the website while everyone else sees the message. If maintenance.html references its own stylesheet or images, exclude them the same way, otherwise they are redirected too. The redirect uses status 302 (temporary), which tells search engines to keep the original URLs indexed rather than replacing them with the maintenance page; a 301 here would be a costly mistake.
8. Prevent browsing folders in the browser
If anyone can list your folders and files (which Apache shows when a directory has no index file), you are giving away plugin versions, backup files and whatever else is lying around. To disable directory listings, add a small piece of code to .htaccess:
Options -Indexes
Write it exactly like this: mixing plain option names with the +/- forms in one directive (Options All -Indexes) is invalid syntax and produces a 500 error. If your host does not permit Options in .htaccess (AllowOverride without Options), the line itself triggers a 500 error; in that case remove it and ask the host to disable listings on their side.
9. Enable browser caching
Enabling caching tells the browser how long it may keep a copy of a file before asking your server again. This makes sense for design elements such as stylesheets and images: once uploaded, an image on your site almost never changes, so a repeat visitor can load it from their own disk instead of pulling it from your server again. That noticeably speeds up page loading and lowers your traffic. To enable caching, add this code to your .htaccess file.
<IfModule mod_expires.c>
ExpiresActive On
# Apache serves .jpg as image/jpeg (image/jpg is not a real type)
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType image/x-icon "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType application/pdf "access 1 month"
# JavaScript: both types, depending on how the server labels .js
ExpiresByType application/javascript "access 1 month"
ExpiresByType text/javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
# HTML pages are dynamic (comments, logged-in content): do not cache them
ExpiresByType text/html "access 0 seconds"
ExpiresDefault "access 2 days"
</IfModule>
WordPress appends a version parameter (?ver=...) to the stylesheets and scripts it loads, so updated files are still fetched despite the long lifetimes. The text/html line is there because ExpiresDefault would otherwise stamp a two-day lifetime on the pages PHP generates for anonymous visitors: new posts and comments would not appear for returning readers until that copy expires, and any intermediate cache may keep serving the stale page.
10. URL redirect
A 301 redirect tells browsers and search engines that a page has moved permanently to another location. It can be used for a single page, a folder or even an entire site, and is the right tool whenever a URL changes: a new domain, a new permalink structure, or a renamed page slug.
The directive takes the old path (relative to the site root) followed by the new location, which can be a full URL or a path on the same site. Here's how it works:
Redirect 301 /oldpage.html http://www.yourwebsite.com/newpage.html
Redirect 301 /oldfolder/page2.html /folder3/page7.html
Redirect 301 / http://www.mynewwebsite.com/
11. Block hotlinking
Hotlinking means embedding an image on one site directly from another: instead of uploading the picture to their own hosting, the other site simply links to the copy on yours, so every view of their page is served by your server, slowing your site down and running up your traffic bill. You can prevent it by serving images only to pages on sites you own. Add the code below to your .htaccess file, changing the domain names to your own.
RewriteEngine on
# A blank Referer passes (many browsers and privacy tools send none)
RewriteCond %{HTTP_REFERER} !^$
# Own sites pass; the dots are escaped and (/|$) ends the host name, so
# yourwebsite.com.attacker.example does not match
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourwebsite\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourotherwebsite\.com(/|$) [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://i.imgur.com/g7ptdBB.png [NC,R,L]
Now, when someone embeds your image on a different site, their visitors see the replacement image named on the last line instead. You can replace it with anything you like, but host it somewhere this rule does not apply, otherwise the redirect would match itself and loop. The check relies on the Referer header, which the client chooses to send: browsers set it honestly, so this stops casual embedding, but anyone with curl can fake it, so it is a deterrent and not an access control. The blank-referer exception in the first condition is deliberate: blocking requests without a Referer would hide your images from real visitors whose browsers strip it.
Note: Blocking hotlinking can break the display of images in your RSS feed, since feed readers fetch the images from their own domain.
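To see why the escaped dots and the end anchor in the Referer patterns matter, here is an added example (not code from the original article) that replays the snippet's conditions in Python against a few constructed requests. is_hotlink and hotlink_cases are names invented for the example, yourwebsite.com is the placeholder domain from the snippet, and the loose pattern is the form often seen in hotlink recipes (unescaped dots, nothing after the host name), placed beside the strict form.

```python
import re

# Added example: the Referer test behind the hotlink snippet, replayed in
# Python. is_hotlink and hotlink_cases are invented names; yourwebsite.com is
# the placeholder domain from the snippet; the requests are constructed.

# A loose pattern, as often copied: unescaped dots and nothing after the host
LOOSE_OWN_SITE = re.compile(r"^http(s)?://(www\.)?yourwebsite.com", re.IGNORECASE)
# The strict form: literal dots, and the host must end right after ".com"
STRICT_OWN_SITE = re.compile(r"^https?://(www\.)?yourwebsite\.com(/|$)", re.IGNORECASE)
# RewriteRule \.(jpg|jpeg|png|gif)$ ... [NC]
IMAGE_PATH = re.compile(r"\.(jpg|jpeg|png|gif)$", re.IGNORECASE)


def is_hotlink(path: str, referer: str, own_site: re.Pattern = STRICT_OWN_SITE) -> bool:
    """True when the rewrite chain fires and the replacement image is served."""
    if not IMAGE_PATH.search(path):
        return False   # the RewriteRule only covers the listed extensions
    if referer == "":
        return False   # RewriteCond %{HTTP_REFERER} !^$ : a blank Referer passes
    if own_site.search(referer):
        return False   # the request came from one of our own pages
    return True        # foreign Referer: redirect to the replacement image


def hotlink_cases(own_site: re.Pattern) -> dict:
    """Constructed (path, Referer) pairs run through is_hotlink with one pattern."""
    img = "/wp-content/uploads/2024/photo.jpg"
    samples = {
        "blank_referer": (img, ""),
        "own_site": (img, "https://www.yourwebsite.com/sample-post/"),
        "foreign_site": (img, "https://forum.example/thread/42"),
        # host merely starts with our name: only the strict pattern rejects it
        "lookalike_subdomain": (img, "http://www.yourwebsite.com.attacker.example/"),
        # an unescaped '.' matches any character, so this passes the loose test
        "lookalike_char": (img, "http://yourwebsitexcom/"),
        "not_an_image": ("/wp-content/themes/demo/style.css", "https://forum.example/thread/42"),
    }
    return {name: is_hotlink(p, r, own_site) for name, (p, r) in samples.items()}


if __name__ == "__main__":
    for label, pattern in (("loose", LOOSE_OWN_SITE), ("strict", STRICT_OWN_SITE)):
        for name, blocked in hotlink_cases(pattern).items():
            print("%-7s %-20s %s" % (label, name, "blocked" if blocked else "served"))
```

Both patterns agree on the ordinary cases; the difference shows on the two lookalike referers, which the loose pattern waves through because a regex without an end anchor is only a prefix test and an unescaped dot matches any character. Apache's RewriteCond uses the same PCRE-style semantics, so the verdicts carry over to the .htaccess rule.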