Optimizing WordPress using the .htaccess file involves implementing directives to enhance site performance, security, and functionality. Below are key techniques with examples:
1. Enable GZIP Compression
Compress files to reduce their size and speed up loading times.
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json application/x-javascript application/xml application/xhtml+xml application/rss+xml application/atom+xml application/font-woff application/font-woff2 image/svg+xml
</IfModule>
2. Leverage Browser Caching
Cache static resources in the user's browser.
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 2 days"
</IfModule>
3. Prevent Hotlinking
Stop other sites from embedding your images.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
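# End the host match at "/", ":" or end of string so yourwebsite.com.other.example does not pass
RewriteCond %{HTTP_REFERER} !^https://(www\.)?yourwebsite\.com([/:]|$) [NC]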
RewriteRule \.(jpg|jpeg|png|gif)$ - [F,NC,L]
</IfModule>
4. Block Bad Bots
Prevent access from known malicious bots.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^.*(badbot|evilbot|maliciousbot).*$ [NC]
RewriteRule .* - [F,L]
</IfModule>
5. Disable Directory Browsing
Prevent listing files in directories.
Options -Indexes
6. Limit Access to wp-config.php
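Secure your critical WordPress configuration file. The Order/Deny directives used here and in sections 7 and 11 are Apache 2.2 syntax; Apache 2.4 accepts them only when mod_access_compat is loaded, and its native form is Require all denied.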
<Files wp-config.php>
order allow,deny
deny from all
</Files>
7. Protect .htaccess File
Deny web requests for the .htaccess file so visitors cannot read its rules.
<Files .htaccess>
order allow,deny
deny from all
</Files>
8. Redirect HTTP to HTTPS
Force your website to use HTTPS.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
9. Limit Post Request Size
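Cap the request body at 10 MB (10485760 bytes) to prevent large requests and mitigate DoS attacks. Uploads larger than this limit will be rejected.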
LimitRequestBody 10485760
10. Enable CORS
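Allow resources to be shared across domains (useful for APIs and fonts). The "*" value lets any origin read these responses, so apply it only to public content such as fonts, not to pages or endpoints that return user-specific data.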
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
11. Restrict Access to Admin Area
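Restrict access to the WordPress login page (wp-login.php) to specific IPs.
<FilesMatch "^wp-login\.php$">
order deny,allow
Deny from all
# Replace with your own address; 203.0.113.10 is a documentation placeholder
Allow from 203.0.113.10
</FilesMatch>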
12. Enable Keep-Alive
Improve connection handling.
<IfModule mod_headers.c>
Header set Connection keep-alive
</IfModule>
13. Remove ETags
Reduce overhead by disabling ETags.
<IfModule mod_headers.c>
Header unset ETag
</IfModule>
FileETag None
14. Optimize Default WordPress .htaccess
Include clean permalink rules and other optimizations.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
These optimizations should be tested thoroughly to ensure compatibility with your WordPress setup and server configuration. Back up your .htaccess file before making changes.
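One way to test the security rules after deploying them is to probe the site and confirm each rule answers as intended. The Python script below is an added example, not part of the original post; the probe paths (/hotlink-test.jpg, /wp-content/uploads/, the dashicons stylesheet) and the other.example referrer are assumptions to adjust for your site.

```python
import http.client

# Each check: (name, scheme, path, request headers, predicate(status, headers)).
# Paths are assumed examples. The hotlink rule matches on the URL alone, so the
# test image does not need to exist: an inactive rule yields 404/200, not 403.
CHECKS = [
    ("wp-config.php denied", "https", "/wp-config.php", {}, lambda s, h: s == 403),
    (".htaccess denied", "https", "/.htaccess", {}, lambda s, h: s == 403),
    ("directory listing off", "https", "/wp-content/uploads/", {},
     lambda s, h: s in (403, 404)),
    ("hotlink refused", "https", "/hotlink-test.jpg",
     {"Referer": "https://other.example/page"}, lambda s, h: s == 403),
    ("HTTP redirects to HTTPS", "http", "/", {},
     lambda s, h: s == 301 and h.get("location", "").startswith("https://")),
    ("ETag removed", "https", "/wp-includes/css/dashicons.min.css", {},
     lambda s, h: "etag" not in h),
]

def fetch(host, scheme, path, headers, timeout=10):
    """Send one GET without following redirects; return (status, lower-cased headers)."""
    cls = http.client.HTTPSConnection if scheme == "https" else http.client.HTTPConnection
    conn = cls(host, timeout=timeout)
    try:
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()

def audit(host, fetcher=fetch):
    """Run every check and return the names of the rules that are NOT in effect."""
    failures = []
    for name, scheme, path, headers, ok in CHECKS:
        status, resp_headers = fetcher(host, scheme, path, headers)
        if not ok(status, resp_headers):
            failures.append(name)
    return failures

if __name__ == "__main__":
    import sys
    failed = audit(sys.argv[1])  # usage: python check_htaccess.py yourwebsite.com
    print("all rules active" if not failed else "NOT active: " + ", ".join(failed))
    sys.exit(1 if failed else 0)
```

Run it from an address that is not on the wp-login.php allow list; the exit status is non-zero when any rule is not in effect.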