htaccess Commands for WordPress

An .htaccess file can do more for your website than you might imagine. It is one of the most important files on a site, although many of us ignore its existence (just as we ignore the existence of robots.txt files). Recently I read a blog post on some useful .htaccess commands and how to implement them in your blog.

What is an .htaccess file?
OK, I know not all bloggers know what an .htaccess file is, especially if you host your blog on a free blog-hosting platform like Blogspot or WordPress. An .htaccess file is a small server-side file that sits on your web server like any other file and directs the incoming requests from your website or blog visitors. It’s like a gatekeeper or a security guard for a website.
How can I create an .htaccess file for my blog or website?
The answer is easy too. Open Windows Notepad and copy and paste any command from below. Then save the file as .htaccess (don’t forget the “.” (period) before the file name). When you save the file, select “All Files” under “Save as type”. Before you upload the file to your web server, check whether an .htaccess file already exists there. If one does (most scripts like WordPress come with a basic .htaccess file), do not overwrite it; instead, add any command from below at the end of your existing .htaccess file.
I will update this post from time to time and include new and more useful commands for an .htaccess file. For now I will only discuss the following commands:
  • 1. Protects itself (security)
  • 2. Turns the server signature off (security)
  • 3. Limits upload size (security)
  • 4. Protects wp-config.php (security)
  • 5. Gives access permission to all visitors with exceptions (security, usability)
  • 6. Specifies custom error documents (usability)
  • 7. Disables directory browsing (security)
  • 8. Redirects old pages to new (optional)
  • 9. Disables image hotlinking (bandwidth)
  • 10. Enables PHP compression (bandwidth)
  • 11. Sets the canonical or “standard” URL for your site (SEO, usability)

# Protect the .htaccess file
<files .htaccess>
order allow,deny
deny from all
</files>

# disable the server signature
ServerSignature Off

# Limit file uploads to 10 MB
LimitRequestBody 10240000

# Protect wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>

# Who has access & who doesn't
order allow,deny
#deny from 000.000.000.000
allow from all

# Custom error pages like 404
ErrorDocument 404 /notfound.php
ErrorDocument 403 /forbidden.php
ErrorDocument 500 /error.php

# Disable directory browsing
Options -Indexes

# Redirect old URL to new URL
Redirect 301 /old.php http://www.yourdomain.com/new.php

# Block referring domains
RewriteEngine on
RewriteCond %{HTTP_REFERER} digg\.com [NC]
RewriteRule .* - [F]

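# Disable hotlinking of images with forbidden or custom image option
# Keep exactly one of the two RewriteRule lines active. If both stay commented
# out, the RewriteCond lines below attach to the next RewriteRule in the file.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]
#RewriteRule \.(gif|jpg)$ http://www.yourdomain.com/stealingisbad.gif [R,L]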

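# php compression - use with caution
# The module name must match the PHP module loaded on your server;
# if it does not match, this block is skipped.
<ifmodule mod_php4.c>
php_value zlib.output_compression 16386
</ifmodule>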

# Set the canonical url
RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain\.com$ [NC]
RewriteRule ^(.*)$ http://www.yourdomain.com/$1 [R=301,L]

# Protection from spam comments
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} wp-comments-post\.php
RewriteCond %{HTTP_REFERER} !.*yourdomain\.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]
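A RewriteCond applies to the next RewriteRule in the file, so when a rule in a listing like the one above is commented out while its conditions stay active, those conditions silently attach to whichever rule comes next. The checker below is an added example, not code from the original post; the function name find_leaked_conditions and the sample text (using example.com) are constructed for illustration.

```python
import re

COND = re.compile(r"^\s*RewriteCond\b", re.I)
RULE = re.compile(r"^\s*RewriteRule\b", re.I)
DISABLED_RULE = re.compile(r"^\s*#\s*RewriteRule\b", re.I)

# Constructed sample: the hotlink rule is commented out, its conditions are not.
SAMPLE = r"""RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC]
#RewriteRule \.(gif|jpg)$ - [F]

RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
"""


def find_leaked_conditions(htaccess_text):
    """Return (cond_lines, rule_line) pairs where conditions written for a
    commented-out RewriteRule end up attached to a later rule.
    rule_line is None when conditions reach the end of the file unused."""
    findings = []
    pending = []    # active RewriteCond lines still waiting for a rule
    orphaned = []   # pending conditions whose own rule is commented out
    for number, line in enumerate(htaccess_text.splitlines(), start=1):
        if COND.match(line):
            pending.append(number)
        elif DISABLED_RULE.match(line):
            # The rule these conditions were written for is disabled.
            orphaned = list(pending)
        elif RULE.match(line):
            if orphaned:
                findings.append((orphaned, number))
            pending, orphaned = [], []
    if pending:
        findings.append((pending, None))
    return findings


if __name__ == "__main__":
    for conds, rule in find_leaked_conditions(SAMPLE):
        target = f"the RewriteRule on line {rule}" if rule else "no rule at all"
        print(f"RewriteCond on lines {conds} now applies to {target}")
```

In the sample, the canonical-host redirect on line 7 would fire only for requests that also carry an off-site Referer, which is not what either block intended.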

What do you think about it?