Many blogs have a .htaccess file that contains only the rules their CMS framework (WordPress, Joomla, etc.) installed. If you don’t add the rules below to your root .htaccess file, you’re missing out on easy performance improvements any blogger can have. So don’t depend on your CMS’s default rules; make your blog better with these simple .htaccess rules.
The best place to put these rules is the .htaccess file at the root of your domain. Putting these rules into use won’t only cut your page loading times in half; it also provides the foundation for further optimization and speed improvements for your website.
This article covers how to:
- protect the .htaccess file itself
- protect your core blog files, like wp-config.php on WordPress
- prevent anyone from seeing the directory indexes on your server
- protect your blog from direct comment spam
- set up file compression to speed up the blog
- (optionally) prevent people from (hot)linking to images on your blog
A Few Words on .htaccess Basics
.htaccess (HyperText ACCESS) is the default name of a directory-level configuration file. It allows for decentralized management of web server configuration. The .htaccess rules at the root of your domain control every directory and request on your server.
Note the Following Before You Start Adding and Changing .htaccess Rules
Adding .htaccess rules will optimize your blog and make it more secure. It is easy when you know what to do, but be careful, because wrong rules in the root .htaccess can really harm a site.
- Always backup your existing .htaccess file!
- Keep that original in a safe place and don’t overwrite it.
- .htaccess is case-sensitive and incorrectly spelled code will cause errors on your server.
- Make sure you replace YOURDOMAIN with your own domain name where applicable.
Using the .htaccess File
1. Protect .htaccess From Outside Access
This should be at the start of each and every root .htaccess file you ever create.
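# Protect the .htaccess file
# (Apache 2.2 syntax; on Apache 2.4 it needs mod_access_compat, or use "Require all denied")
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>
2. Protect a Particular File From Unwanted Access
Apply the same principle to protect any file.
# Protect example.php
<Files example.php>
Order Allow,Deny
Deny from all
</Files>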
3. Disable Directory Browsing
This simple directive will prevent anyone from accessing the index and files in your folder. Your file permissions are important, but this will prevent a casual visitor from accessing the index and the files in any directory.
# Disable directory browsing
# (only -Indexes: Apache 2.4 rejects "All" mixed with +/- options)
Options -Indexes
4. Protect From Spam Comments
Many spammers use scripts to post spam comments. Some plugins provide a way to prevent this, but using the blog's .htaccess file is the most economical way to prevent direct comment spam attempts. Because the Referer and User-Agent headers are set by the client, this rule only filters out scripts that leave them empty or wrong.
# Protect from spam comments
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} wp-comments-post\.php
RewriteCond %{HTTP_REFERER} !.*YOURDOMAIN\.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]
5. (OPTIONAL) Prevent Hotlinking
If someone hotlinks to images on your server, this rule redirects any outside link to an image on your server to another image instead, which you can host on another (free) domain.
First make a “please don’t hotlink” image and save it on a free image hosting service, like Flickr, Picasa etc. Then put the URL of that image into the code.
# Prevent Hotlinking
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?YOURDOMAIN\.com/ [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://ANOTHERDOMAIN.com/nohotlinking.jpg [NC,R,L]
Note: Change the image name as needed. I have used a test name for the image.
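The condition chains of sections 4 and 5, evaluated over constructed sample requests to show how mod_rewrite combines RewriteCond lines (ANDed, with [OR] joining a condition to the next one). This is an added example, not code from the original article. The helper names are hypothetical, Python's re module stands in for Apache's regex engine, and the patterns are written with escaped dots and https accepted.

```python
import re

def cond_matches(value, pattern, flags=()):
    """One RewriteCond: a leading '!' negates the match, NC ignores case."""
    negate = pattern.startswith("!")
    regex = pattern[1:] if negate else pattern
    hit = re.search(regex, value, re.I if "NC" in flags else 0) is not None
    return hit != negate

def chain_matches(conds, env):
    """mod_rewrite chaining: conditions are ANDed, except that a condition
    flagged OR is ORed with the condition that follows it."""
    result, group = True, False
    for var, pattern, flags in conds:
        group = group or cond_matches(env.get(var, ""), pattern, flags)
        if "OR" not in flags:          # this condition closes its OR group
            result, group = result and group, False
    return result

# Condition chains of sections 4 and 5 (dots escaped, https accepted).
COMMENT_SPAM = [
    ("REQUEST_METHOD", r"POST", ()),
    ("REQUEST_URI", r"wp-comments-post\.php", ()),
    ("HTTP_REFERER", r"!.*YOURDOMAIN\.com.*", ("OR",)),
    ("HTTP_USER_AGENT", r"^$", ()),
]
HOTLINK = [
    ("HTTP_REFERER", r"!^$", ()),
    ("HTTP_REFERER", r"!^https?://(.+\.)?YOURDOMAIN\.com/", ("NC",)),
]

def comment_post_rejected(referer, user_agent, method="POST",
                          uri="/wp-comments-post.php"):
    """True when the section 4 rule would fire for this request."""
    env = {"REQUEST_METHOD": method, "REQUEST_URI": uri,
           "HTTP_REFERER": referer, "HTTP_USER_AGENT": user_agent}
    return chain_matches(COMMENT_SPAM, env)

def image_replaced(path, referer):
    """True when the section 5 rule would swap in the placeholder image."""
    # The RewriteRule pattern (with NC) is tested before the conditions.
    is_image = re.search(r"\.(jpg|jpeg|png|gif)$", path, re.I) is not None
    return is_image and chain_matches(HOTLINK, {"HTTP_REFERER": referer})

if __name__ == "__main__":
    # Constructed sample requests, not taken from real logs.
    print(comment_post_rejected("http://YOURDOMAIN.com/a-post/", "Mozilla/5.0"))
    print(comment_post_rejected("", "ExampleBot/1.0"))
    print(image_replaced("/img/a.png", "http://other.example/page"))
    print(image_replaced("/img/a.png", ""))
```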
6. Additional .htaccess Tricks
6.1. Your Own Shortlinks (in WordPress)
Use this rule when you need SEO-friendly URLs on your website. It also helps when you have to rewrite a URL depending on a condition. Using these rules you can reduce the directory level of your URLs, which is better from an SEO point of view.
# BEGIN URL Shortening
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/([0-9]+)$
RewriteRule .* http://YOURDOMAIN.com/?p=%1 [R=301,L]
# END URL Shortening
6.2. Force Download (e.g. for mp3, PDFs, etc.)
This rule forces files to be downloaded instead of being opened in the browser.
# Force download for the listed file types (requires mod_headers)
<FilesMatch "\.(mp3|pdf)$">
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>
6.3. 301 Redirect using htaccess
To redirect a requested page from an old document to a new one:
RewriteEngine On
Redirect 301 /old/file.html http://YOURDOMAIN.com/new/file.html
Use the following to redirect an entire directory.
RewriteEngine On
RedirectMatch 301 ^/blog(?:/(.*))?$ http://YOURDOMAIN.com/$1
6.4. Redirect browser to https (ssl)
This rule will redirect the entire website to https (SSL).
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
6.5 Rewrite URLs using htaccess
Rewriting product.php?id=12 to product-12.html
RewriteEngine on
RewriteRule ^product-([0-9]+)\.html$ product.php?id=$1 [L]
Rewriting product.php?id=12 to product/ipod-nano/12.html
RewriteEngine on
RewriteRule ^product/([a-zA-Z0-9_-]+)/([0-9]+)\.html$ product.php?id=$2 [L]
Redirecting a non-www URL to the www URL
RewriteEngine On
RewriteCond %{HTTP_HOST} ^YOURDOMAIN\.net$ [NC]
RewriteRule (.*) http://www.YOURDOMAIN.net/$1 [R=301,L]
Rewriting YOURDOMAIN.com/user.php?username=xyz to YOURDOMAIN.com/xyz
RewriteEngine On
RewriteRule ^([a-zA-Z0-9_-]+)$ user.php?username=$1
RewriteRule ^([a-zA-Z0-9_-]+)/$ user.php?username=$1
Redirecting the domain to a new subfolder inside public_html
RewriteEngine On
RewriteCond %{HTTP_HOST} ^YOURDOMAIN\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.YOURDOMAIN\.com$
RewriteCond %{REQUEST_URI} !^/new/
RewriteRule (.*) /new/$1 [L]
That’s it! You are ready to go with .htaccess.
If you want to test that your rule is working properly, go to this link: http://www.internetofficer.com/seo-tool/redirect-check
It shows you the redirections for a particular page, so you can test your rule.
Now you know how to change this! With the help of these rules you can achieve two important things: higher security and a bit of optimization.