Unknown WordPress htaccess tips & tricks

Lathiya Web Solutions Website Security

What is the .htaccess file?

.htaccess is a configuration file for use on web servers running the Apache Web Server software. .htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer. It includes basic redirect functionality. for instance, if a 404 file not found error occurs, or for more advanced functions such as content password protection or image hotlink prevention.

How to use the .htaccess file?

.htaccess files provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories thereof.

When to use the .htaccess file?

The .htaccess file should be used when the main server configuration file cannot be accessed or modified. It is always best to use the server configuration files over .htaccess files.

The following htaccess will able to help you to achieve a simple task such as redirection and web server optimization;

  • How to create custom error pages
    <pre>ErrorDocument 404 errors/404.html</pre>
  • Control access at files & directory level

If you don't want to give access to the user for accessing a file directly, over the web than drop a .htaccess file in that folder when this file is placed with content something like this.
<pre>
# no one gets in here!

deny from all

</pre>

-  If you want to deny all for direct access and limit access to particular ip range, then add following in your .htaccess.

<pre>
order deny,allow

deny from all

allow from 192.167.0.0/24

</pre>

-  If you want to ban one ip address and allow to access all than add following in your .htaccess.

<pre>

order allow,deny

deny from 83.212.24.219

allow from all

</pre>

  • 301 Redirect
    • If you want to redirect from an old document to new:

    <pre>Redirect 301 /old/file.html http://yourdomain.com/new/file.html</pre>

    • Use following for redirecting Entire Directory.

    <pre>RedirectMatch 301 /blog(.*) http://yourdomain.com/$1</pre>

  • Rename your .htaccess file

<pre> AccessFileName htacc.ess</pre>

  • Change the default page index.html, index.php or index.htm to something else.
    <pre> DirectoryIndex project.html</pre>
  • Change Charset and Language headers

<pre>

AddDefaultCharset UTF-8

DefaultLanguage en-US

</pre>

  • Set Timezone of the Server (GMT)

<pre>SetEnv TZ Australia/Melbourne</pre>

  • Force "File Save As" Prompt

<pre>AddType application/octet-stream .avi .mpg .mov .pdf .xls .mp4</pre>

  • Compress file

<pre>

<IfModule mod_deflate.c>

AddOutputFilterByType DEFLATE text/plain

AddOutputFilterByType DEFLATE text/html

AddOutputFilterByType DEFLATE text/xml

AddOutputFilterByType DEFLATE text/css

AddOutputFilterByType DEFLATE application/xml

AddOutputFilterByType DEFLATE application/xhtml+xml

AddOutputFilterByType DEFLATE application/rss+xml

AddOutputFilterByType DEFLATE application/javascript

AddOutputFilterByType DEFLATE application/x-javascript

AddOutputFilterByType DEFLATE application/x-httpd-php

AddOutputFilterByType DEFLATE application/x-httpd-fastphp

AddOutputFilterByType DEFLATE image/svg+xml

SetOutputFilter DEFLATE

</IfModule>
</pre>

  • Catch file

<pre>
<FilesMatch ".(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf)$">

Header set Cache-Control "max-age=2592000"

</FilesMatch>

</pre>

  • Disable caching for certain file type

<pre>
<FilesMatch ".(pl|php|cgi|spl|scgi|fcgi)$">

Header unset Cache-Control

</FilesMatch>

</pre>

  • Disallow Script Execution

<pre>
Options -ExecCGI

AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
</pre>

  • Avoid the server from displaying directory index, or the opposite.

<pre>

# disable directory browsing

Options All -Indexes

# enable directory browsing

Options All +Indexes

</pre>

  • Prevent user to access your .htaccess file. Also, you can block multiple file type as well.

<pre>

<Files .htaccess>

order allow,deny

deny from all

</Files>

# prevent viewing of a specific file

<Files specificfile.jpg>

order allow,deny

deny from all

</Files>

# multiple file types

<FilesMatch ".(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">

Order Allow,Deny

Deny from all

</FilesMatch>

</pre>

I hope this post helps you and if you have any query then comment below. You can also contact our experienced developer. Our experienced developer at Lathiya Solutions will be happy to help you.