10 Best .htaccess Settings for Your WordPress Website

The .htaccess file is a powerful configuration file used by Apache-based web servers. It controls various server settings and can significantly enhance your WordPress website’s performance, security, and functionality. Here are the ten best .htaccess settings for optimizing your WordPress website.

1. Enable Gzip Compression

Gzip compression reduces the size of your web pages, which can significantly speed up your website. Faster load times improve user experience and can positively impact your search engine rankings. Add the following code to your .htaccess file to enable Gzip compression:

<IfModule mod_deflate.c>
  # Compress HTML, CSS, JavaScript, Text, XML and fonts
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/rss+xml
  AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
  AddOutputFilterByType DEFLATE application/x-font
  AddOutputFilterByType DEFLATE application/x-font-opentype
  AddOutputFilterByType DEFLATE application/x-font-otf
  AddOutputFilterByType DEFLATE application/x-font-truetype
  AddOutputFilterByType DEFLATE application/x-font-ttf
  AddOutputFilterByType DEFLATE application/x-javascript
  AddOutputFilterByType DEFLATE application/xhtml+xml
  AddOutputFilterByType DEFLATE application/xml
  AddOutputFilterByType DEFLATE font/opentype
  AddOutputFilterByType DEFLATE font/otf
  AddOutputFilterByType DEFLATE font/ttf
  AddOutputFilterByType DEFLATE image/svg+xml
  AddOutputFilterByType DEFLATE image/x-icon
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE text/javascript
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE text/xml
</IfModule>

2. Leverage Browser Caching

Browser caching stores certain files on a visitor’s local device, reducing the need to download them again on subsequent visits. This can drastically improve load times for repeat visitors. Add this code to your .htaccess file to enable browser caching:

<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresByType image/jpg "access plus 1 year"
  ExpiresByType image/jpeg "access plus 1 year"
  ExpiresByType image/gif "access plus 1 year"
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType text/css "access plus 1 month"
  ExpiresByType text/html "access plus 1 month"
  ExpiresByType application/pdf "access plus 1 month"
  ExpiresByType text/x-javascript "access plus 1 month"
  ExpiresByType application/x-shockwave-flash "access plus 1 month"
  ExpiresByType image/x-icon "access plus 1 year"
  ExpiresDefault "access plus 2 days"
</IfModule>

3. Redirect HTTP to HTTPS

Ensuring that all traffic is redirected to HTTPS is crucial for security and SEO. Search engines favor secure sites, and HTTPS is essential for protecting user data. Add the following code to your .htaccess file to force HTTPS:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
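
The rule above tests only Apache's own connection, so when a load balancer or CDN terminates TLS and forwards plain HTTP, %{HTTPS} is always off and the redirect loops. An added example (not from the original article) that also checks the forwarded scheme; the X-Forwarded-Proto header name is an assumption about your proxy:

```apache
# Added example: HTTPS redirect that also works behind a TLS-terminating proxy.
<IfModule mod_rewrite.c>
  RewriteEngine On
  # Apache itself received the request over plain HTTP ...
  RewriteCond %{HTTPS} off
  # ... and the proxy did not report an HTTPS client connection.
  # Assumption: the proxy sets X-Forwarded-Proto and overwrites any
  # client-supplied value. Use the header your proxy actually sends.
  RewriteCond %{HTTP:X-Forwarded-Proto} !^https$ [NC]
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
```

If Apache faces the internet directly, the second condition is harmless: a client that sends the header itself only skips its own redirect.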

4. Disable Directory Browsing

Allowing directory browsing can expose sensitive files and information to unauthorized users. Disabling directory browsing enhances your site’s security. Add this line to your .htaccess file:

Options -Indexes

5. Protect Your wp-config.php File

The wp-config.php file contains critical configuration settings for your WordPress site. Protecting it from unauthorized access is essential. Add this code to your .htaccess file:

<files wp-config.php>
  order allow,deny
  deny from all
</files>

6. Set Up 301 Redirects

A 301 redirect informs search engines and browsers that a page has permanently moved to a new location. This is crucial for maintaining SEO rankings when you change URLs. Add the following code to set up a 301 redirect:

Redirect 301 /old-page.html http://www.yoursite.com/new-page.html

7. Limit Access by IP

To secure sensitive areas of your website, such as the WordPress admin panel, you can limit access by IP address. Add this code to restrict access to wp-login.php, the login page for your admin area:

<Files wp-login.php>
  order deny,allow
  Deny from all
  Allow from xx.xx.xx.xx
</Files>

Replace xx.xx.xx.xx with your IP address.

8. Disable Hotlinking

Hotlinking occurs when other websites link directly to images on your site, using your bandwidth. Prevent this by adding the following code to your .htaccess file:

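RewriteEngine on
# Allow requests that send no Referer (direct visits, privacy tools)
RewriteCond %{HTTP_REFERER} !^$
# Allow your own site: the dot is escaped and the host name must end here,
# so look-alike hosts such as yourdomain.com.example.net do not match
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com([/:]|$) [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]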

9. Block Bad Bots

Certain bots can negatively impact your site by scraping content or consuming server resources. Block these bots by adding this code to your .htaccess file:

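<IfModule mod_setenvif.c>
  # Tag requests whose User-Agent contains "badbot" (case-insensitive)
  SetEnvIfNoCase User-Agent "badbot" bad_bot
  # No <Limit GET POST> wrapper: the rule must apply to every HTTP method,
  # otherwise HEAD and other methods are left unfiltered
  Order Allow,Deny
  Allow from all
  Deny from env=bad_bot
</IfModule>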

Replace "badbot" with the user agent of the bot you want to block.
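
Order, Allow and Deny in sections 5, 7 and 9 are Apache 2.2 directives that Apache 2.4 only honours through mod_access_compat. The following added example (not from the original article) expresses the same three rules with the 2.4 Require syntax; 203.0.113.10 is a placeholder address, and the block is meant to replace the older rules, not sit beside them:

```apache
# Added example: Apache 2.4 (mod_authz_core) equivalents of sections 5, 7 and 9.
# Require in .htaccess needs "AllowOverride AuthConfig" (or All) in the server config.

<IfModule mod_authz_core.c>
  # Section 5: nobody may request wp-config.php over HTTP.
  <Files "wp-config.php">
    Require all denied
  </Files>

  # Section 7: only the listed address may reach the login page.
  # 203.0.113.10 is a documentation-range placeholder; use your own address.
  # Add further "Require ip" lines (or a CIDR range) for more allowed clients.
  <Files "wp-login.php">
    Require ip 203.0.113.10
  </Files>
</IfModule>

# Section 9: tag matching user agents, then refuse them for every HTTP method.
# "badbot" is the article's placeholder for the user agent string to block.
<IfModule mod_setenvif.c>
  SetEnvIfNoCase User-Agent "badbot" bad_bot
  <IfModule mod_authz_core.c>
    <RequireAll>
      Require all granted
      Require not env bad_bot
    </RequireAll>
  </IfModule>
</IfModule>
```

After deploying, request /wp-config.php and /wp-login.php from an address that is not on the list and confirm both return 403.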

10. Prevent Image Hotlinking

To prevent other sites from displaying your images using your bandwidth, add the following code to your .htaccess file:

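RewriteEngine on
# Allow requests that send no Referer
RewriteCond %{HTTP_REFERER} !^$
# Allow your own site (escaped dot, host name anchored at its end)
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com([/:]|$) [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]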

Conclusion

By implementing these .htaccess settings, you can enhance the performance, security, and SEO of your WordPress website. Remember to back up your .htaccess file before making any changes, as incorrect configurations can cause issues with your site. For optimal results, combine these settings with other optimization techniques and regularly review your website’s performance.


For more expert WordPress tips and support, visit Raja Muhammad Ali’s website or contact me directly for personalized assistance.
