We have the Best Collection of Code for your functions.php file thread, so I thought that it might be useful to create a thread for our .htaccess files.
AND PLEASE REMEMBER TO ADD ANY OF YOUR OWN SNIPPETS TO THIS LIST
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
These are 3 snippet for better performance, regarding Yahoo! rules:
Disable Etags:
Header unset ETag FileETag None
Add expire headers:
<FilesMatch ".(ico|jpg|jpeg|png|gif|js|css|swf)$"> Header set Expires "Tue, 16 Jun 2020 20:00:00 GMT" </FilesMatch>
Or
ExpiresActive On ExpiresByType text/html "access plus 1 day" ExpiresByType image/gif "access plus 10 years" ExpiresByType image/jpeg "access plus 10 years" ExpiresByType image/png "access plus 10 years" ExpiresByType text/css "access plus 10 years" ExpiresByType text/javascript "access plus 10 years" ExpiresByType application/x-javascript "access plus 10 years"
Compress plain text file:
<FilesMatch ".(js|css|html|htm|php|xml)$"> SetOutputFilter DEFLATE </FilesMatch>
Read more about them here.
Updated:
Redirect requests to www domain
RewriteCond %{HTTP_HOST} !^www.domain.tld [NC]
RewriteRule ^(.*)$ http://www.domain.tld/$1 [R=301,L]
Block request to xmlrpc.php
Use this only when you don’t use remote publishing as it can prevent your blog from hacks.
RewriteRule ^(.*)xmlrpc.php$ http://www.domain.tld [R=301,L]
Redirect all feeds to feedburner
RewriteCond %{HTTP_USER_AGENT} !^.*(FeedBurner|FeedValidator) [NC]
RewriteRule ^feed/?.*$ http://feeds.feedburner.com/feed_uri [R=301,NC,L]
Method 2
Better rewrite rules for WordPress permalinks
By default WordPress sends a 404 HTML page for missing images and stylesheets – they are never rendered by a browser. And it catches your symbolic links.
# Images, Stylesheets etc. don't need a HTML 404
RewriteCond %{REQUEST_URI} !.+.w{2,4}$
# Existing file
RewriteCond %{REQUEST_FILENAME} !-f
# Existing directory
RewriteCond %{REQUEST_FILENAME} !-d
# Symbolic link
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^ index.php [L]
Method 3
GZip compression
GZip compression
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
</IfModule>
Method 4
Some basic Security stuff.
# limit indexing of directories
Options All -Indexes
# protect the htaccess file,
# this is done by default with apache config file,
# but you never know.
<files .htaccess>
order allow,deny
deny from all
</files>
# disable the server signature
ServerSignature Off
# limit file uploads to 10mb
LimitRequestBody 10240000
# protect wpconfig.php.
<files wp-config.php>
order allow,deny
deny from all
</files>
# Limit logins and admin by IP
# this goes in the /admin folder NOT root folder .htaccess
<Limit GET POST PUT>
order deny,allow
deny from all
allow from xx.xx.xx.xx //( your static IP)
</Limit>
# block bad query strings (hackers/bots), please be aware this might break some plugins
# QUERY STRING EXPLOITS
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} ../ [NC,OR]
RewriteCond %{QUERY_STRING} boot.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag= [NC,OR]
RewriteCond %{QUERY_STRING} ftp: [NC,OR]
RewriteCond %{QUERY_STRING} http: [NC,OR]
RewriteCond %{QUERY_STRING} https: [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*([|]|(|)|<|>|'|"|;|?|*).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|config|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
Method 5
Redirects and pretty permalinks without mod_rewrite
# - script kiddies Redirect permanent /admin.php http://localhost Redirect permanent /_vti_bin http://localhost Redirect permanent /css http://localhost Redirect permanent /site http://localhost Redirect permanent /s/ http://localhost Redirect permanent /v/ http://localhost Redirect permanent /html http://localhost Redirect permanent /stil http://localhost Redirect permanent /wp-content/cache.php http://localhost # - stupid robots Redirect permanent /sitemap.gz /sitemap.xml.gz Redirect permanent /default.htm / Redirect permanent /feeds/posts/default /feed/ - URL truncating RedirectMatch Permanent ^/page/$ / # /category/ and /comments/ to a TOC RedirectMatch Permanent ^/(category|comments)/$ /uebersicht/ # Git only! :) RedirectMatch Permanent .(svn|cvs|SVN|CVS|bzr) http://localhost # Bots searching for mobile versions # see http://perishablepress.com/press/2010/04/26/stop-404-requests-for-mobile-versions-of-your-site/#comment-78105 RedirectMatch gone /mobi(le)?($|/) RedirectMatch gone /iphone($|/) # - 410 # Old feeds are dead Redirect gone /2008/feed/ Redirect gone /2009/feed/ Redirect gone /2010/feed/ # stupid bots and browsers again Redirect gone /crossdomain.xml Redirect gone /labels.rdf Redirect gone /.well-known Redirect gone /parent-page RedirectMatch gone .*/config$ # Pretty permalinks without mod_rewrite! ErrorDocument 404 /index.php
Method 6
ERRATA
#Jauntily show the admin’s email address in error message
SetEnv SERVER_ADMIN <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="0861666e674871677d7a7b617c6d266b6765">[email protected]</a>
#disable hotlinking of images with forbidden or custom image option
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?yoursite.com/.*$ [NC]
#RewriteRule .(gif|jpg|png)$ – [F]
#RewriteRule .(gif|jpg|png)$ http://www.yoursite.com/wp-content/uploads/2011/04/bracker_thou_shalt_not_steal24.jpg [R,L]
#block referring domains
#RewriteEngine on
#RewriteCond %{HTTP_REFERER} digg.com [NC]
#RewriteRule .* – [F]
#Remove /category/ from your WordPress url
RewriteRule ^category/(.+)$ http://www.yourblog.com/$1 [R=301,L]
#Redirect visitors to a maintenance page
RewriteEngine on
RewriteCond %{REQUEST_URI} !/maintenance.html$
RewriteCond %{REMOTE_ADDR} !^123.123.123.123
RewriteRule $ /maintenance.html [R=302,L]
#auto-correct simple URL spelling mistakes
<IfModule mod_speling.c>
CheckSpelling On
</IfModule>
#better login
RewriteRule ^login$ http://example.com/wp-login.php [NC,L]
Method 7
This is something more secured i hop you like this
# BEGIN WordPress Browser Cache
<IfModule mod_mime.c>
AddType text/css .css
AddType application/x-javascript .js
AddType text/x-component .htc
AddType text/html .html .htm
AddType text/richtext .rtf .rtx
AddType image/svg+xml .svg .svgz
AddType text/plain .txt
AddType text/xsd .xsd
AddType text/xsl .xsl
AddType text/xml .xml
AddType video/asf .asf .asx .wax .wmv .wmx
AddType video/avi .avi
AddType image/bmp .bmp
AddType application/java .class
AddType video/divx .divx
AddType application/msword .doc .docx
AddType application/vnd.ms-fontobject .eot
AddType application/x-msdownload .exe
AddType image/gif .gif
AddType application/x-gzip .gz .gzip
AddType image/x-icon .ico
AddType image/jpeg .jpg .jpeg .jpe
AddType application/vnd.ms-access .mdb
AddType audio/midi .mid .midi
AddType video/quicktime .mov .qt
AddType audio/mpeg .mp3 .m4a
AddType video/mp4 .mp4 .m4v
AddType video/mpeg .mpeg .mpg .mpe
AddType application/vnd.ms-project .mpp
AddType application/x-font-otf .otf
AddType application/vnd.oasis.opendocument.database .odb
AddType application/vnd.oasis.opendocument.chart .odc
AddType application/vnd.oasis.opendocument.formula .odf
AddType application/vnd.oasis.opendocument.graphics .odg
AddType application/vnd.oasis.opendocument.presentation .odp
AddType application/vnd.oasis.opendocument.spreadsheet .ods
AddType application/vnd.oasis.opendocument.text .odt
AddType audio/ogg .ogg
AddType application/pdf .pdf
AddType image/png .png
AddType application/vnd.ms-powerpoint .pot .pps .ppt .pptx
AddType audio/x-realaudio .ra .ram
AddType application/x-shockwave-flash .swf
AddType application/x-tar .tar
AddType image/tiff .tif .tiff
AddType application/x-font-ttf .ttf .ttc
AddType audio/wav .wav
AddType audio/wma .wma
AddType application/vnd.ms-write .wri
AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw
AddType application/zip .zip
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/css A31536000
ExpiresByType application/x-javascript A31536000
ExpiresByType text/x-component A31536000
ExpiresByType text/html A3600
ExpiresByType text/richtext A3600
ExpiresByType image/svg+xml A3600
ExpiresByType text/plain A3600
ExpiresByType text/xsd A3600
ExpiresByType text/xsl A3600
ExpiresByType text/xml A3600
ExpiresByType video/asf A31536000
ExpiresByType video/avi A31536000
ExpiresByType image/bmp A31536000
ExpiresByType application/java A31536000
ExpiresByType video/divx A31536000
ExpiresByType application/msword A31536000
ExpiresByType application/vnd.ms-fontobject A31536000
ExpiresByType application/x-msdownload A31536000
ExpiresByType image/gif A31536000
ExpiresByType application/x-gzip A31536000
ExpiresByType image/x-icon A31536000
ExpiresByType image/jpeg A31536000
ExpiresByType application/vnd.ms-access A31536000
ExpiresByType audio/midi A31536000
ExpiresByType video/quicktime A31536000
ExpiresByType audio/mpeg A31536000
ExpiresByType video/mp4 A31536000
ExpiresByType video/mpeg A31536000
ExpiresByType application/vnd.ms-project A31536000
ExpiresByType application/x-font-otf A31536000
ExpiresByType application/vnd.oasis.opendocument.database A31536000
ExpiresByType application/vnd.oasis.opendocument.chart A31536000
ExpiresByType application/vnd.oasis.opendocument.formula A31536000
ExpiresByType application/vnd.oasis.opendocument.graphics A31536000
ExpiresByType application/vnd.oasis.opendocument.presentation A31536000
ExpiresByType application/vnd.oasis.opendocument.spreadsheet A31536000
ExpiresByType application/vnd.oasis.opendocument.text A31536000
ExpiresByType audio/ogg A31536000
ExpiresByType application/pdf A31536000
ExpiresByType image/png A31536000
ExpiresByType application/vnd.ms-powerpoint A31536000
ExpiresByType audio/x-realaudio A31536000
ExpiresByType image/svg+xml A31536000
ExpiresByType application/x-shockwave-flash A31536000
ExpiresByType application/x-tar A31536000
ExpiresByType image/tiff A31536000
ExpiresByType application/x-font-ttf A31536000
ExpiresByType audio/wav A31536000
ExpiresByType audio/wma A31536000
ExpiresByType application/vnd.ms-write A31536000
ExpiresByType application/vnd.ms-excel A31536000
ExpiresByType application/zip A31536000
</IfModule>
<IfModule mod_deflate.c>
<IfModule mod_setenvif.c>
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
BrowserMatch bMSI[E] !no-gzip !gzip-only-text/html
</IfModule>
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE text/css application/x-javascript text/x-component text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon
</IfModule>
</IfModule>
<FilesMatch ".(css|js|htc|CSS|JS|HTC)$">
<IfModule mod_headers.c>
Header set Pragma "public"
Header append Cache-Control "public, must-revalidate, proxy-revalidate"
</IfModule>
FileETag MTime Size
<IfModule mod_headers.c>
Header set X-Powered-By "W3 Total Cache/0.9.2.4"
</IfModule>
</FilesMatch>
<FilesMatch ".(html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|HTML|HTM|RTF|RTX|SVG|SVGZ|TXT|XSD|XSL|XML)$">
<IfModule mod_headers.c>
Header set Pragma "public"
Header append Cache-Control "public, must-revalidate, proxy-revalidate"
</IfModule>
FileETag MTime Size
<IfModule mod_headers.c>
Header set X-Powered-By "W3 Total Cache/0.9.2.4"
</IfModule>
</FilesMatch>
<FilesMatch ".(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip|ASF|ASX|WAX|WMV|WMX|AVI|BMP|CLASS|DIVX|DOC|DOCX|EOT|EXE|GIF|GZ|GZIP|ICO|JPG|JPEG|JPE|MDB|MID|MIDI|MOV|QT|MP3|M4A|MP4|M4V|MPEG|MPG|MPE|MPP|OTF|ODB|ODC|ODF|ODG|ODP|ODS|ODT|OGG|PDF|PNG|POT|PPS|PPT|PPTX|RA|RAM|SVG|SVGZ|SWF|TAR|TIF|TIFF|TTF|TTC|WAV|WMA|WRI|XLA|XLS|XLSX|XLT|XLW|ZIP)$">
<IfModule mod_headers.c>
Header set Pragma "public"
Header append Cache-Control "public, must-revalidate, proxy-revalidate"
</IfModule>
FileETag MTime Size
<IfModule mod_headers.c>
Header set X-Powered-By "W3 Total Cache/0.9.2.4"
</IfModule>
</FilesMatch>
# END WordPress Browser Cache
# BEGIN WordPress Page Cache core
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^(.*/)?Wordpress_rewrite_test$ $1?Wordpress_rewrite_test=1 [L]
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteRule .* - [E=Wordpress_ENC:_gzip]
RewriteCond %{REQUEST_METHOD} !=POST
RewriteCond %{QUERY_STRING} =""
RewriteCond %{HTTP_HOST} =hubtank.com
RewriteCond %{REQUEST_URI} !(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|/feed/|wp-.*.php|index.php) [NC,OR]
RewriteCond %{REQUEST_URI} (wp-comments-popup.php|wp-links-opml.php|wp-locations.php) [NC]
RewriteCond %{HTTP_COOKIE} !(comment_author|wp-postpass|wordpress_[a-f0-9]+|wordpress_logged_in) [NC]
RewriteCond %{HTTP_USER_AGENT} !(W3 Total Cache/0.9.2.4) [NC]
RewriteCond "%{DOCUMENT_ROOT}/wp-content/Wordpress/pgcache/%{REQUEST_URI}/_index%{ENV:Wordpress_UA}%{ENV:Wordpress_REF}%{ENV:Wordpress_SSL}.html%{ENV:Wordpress_ENC}" -f
RewriteRule .* "/wp-content/Wordpress/pgcache/%{REQUEST_URI}/_index%{ENV:Wordpress_UA}%{ENV:Wordpress_REF}%{ENV:Wordpress_SSL}.html%{ENV:Wordpress_ENC}" [L]
</IfModule>
# END WordPress Page Cache core
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0