30 Popular .htaccess code snippets
“A .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration„. (FromWikipedia) The .htaccess method will only effect the folder in which the .htaccess file resides, and all the folders inside. The .htaccess file is very useful and allows you to do a lot of things… Here’s my list of the most popular htaccess code snippets that can be added to your .htaccess file. I hope you find them as useful as I do.
.Htaccess Code Snippets, Examples, Tips And Tricks
01. Protect WordPress Blog From Script Injections
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
Source: http://wptidbits.com/tutorials/21-mo...for-wordpress/
02. Prevent Hotlinking
RewriteEngine On
#Replace ?mysite\.com/ with your blog url
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
#Replace /images/nohotlink.jpg with your "don't hotlink" image url
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]
03. Configure Your Website For HTML5 Videos
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
AddType video/ogg .ogv
AddType video/ogg .ogg
AddType video/mp4 .mp4
AddType video/webm .webm
AddType application/x-shockwave-flash swf
Source: http://snipplr.com/view.php?codeview&id=53437
04. Use Browser Caching To Improve Blog Speed
<ifmodule mod_expires.c="">
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 2 days"
</ifmodule>
Source: http://www.onextrapixel.com/2011/11/...for-wordpress/
05. Blacklist Undesired Users And Bots Ip Address
<limit get="" post="" put="">
order allow,deny
allow from all
deny from 123.456.789
deny from 93.121.788
deny from 223.956.789
deny from 128.456.780
</limit>
Source: http://www.smashingmagazine.com/2010...curity-tweaks/
06. Redirect Hotlinkers
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(subdomain\.)?domain.tld/.*$ [NC]
RewriteRule ^.*\.(bmp|tif|gif|jpg|jpeg|jpe|png)$ http://google.com [R]
Source: http://www.askapache.com/htaccess/ul...le-sample.html
07. Force Trailing Slash
<ifmodule mod_rewrite.c="">
RewriteCond %{REQUEST_URI} /+[^\.]+$
RewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L]
</ifmodule>
Source: http://perishablepress.com/code-snippets/
08. Remove File Extensions From Urls
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^(.*)$ $1.html
# Replace html with your file extension, eg: php, htm, asp
Source: http://eisabainyo.net/weblog/2007/08...n-via-htaccess
09. If You Want To Cover Both Http And Https
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_HOST}//s%{HTTPS} ^www.(.*)//((s)on|s.*)$ [NC]
RewriteRule ^ http%3://%1%{REQUEST_URI} [L,R=301]
Source: http://www.askapache.com/htaccess/co...-examples.html
10. Create Custom Error Pages
ErrorDocument 400 /errors/badrequest.html
ErrorDocument 401 /errors/authreqd.html
ErrorDocument 403 /errors/forbid.html
ErrorDocument 404 /errors/notfound.html
ErrorDocument 500 /errors/serverr.html
Source: http://css-tricks.com/snippets/htacc...m-error-pages/
11. Log PHP Errors
# display no errs to user
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
# log to file
php_flag log_errors on
php_value error_log /location/to/php_error.log
Source: http://css-tricks.com/snippets/htacc...error-logging/
12. Redirect WordPress Feeds To FeedBurner
# temp redirect wordpress content feeds to feedburner
<ifmodule mod_rewrite.c="">
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} !FeedBurner [NC]
RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC]
RewriteRule ^feed/?([_0-9a-z-]+)?/?$ http://feeds.feedburner.com/webanddesigners [R=302,NC,L]
</ifmodule>
Source: http://perishablepress.com/press/200...taccess-redux/
13. Force Download Of Specific Files
<files *.xls="">
ForceType application/octet-stream
Header set Content-Disposition attachment
</files>
<files *.eps="">
ForceType application/octet-stream
Header set Content-Disposition attachment
</files>
Source: http://www.givegoodweb.com/post/30/f...e-and-htaccess
14. Require Password For 1 File
<files login.php="">
AuthName "Prompt"
AuthType Basic
AuthUserFile /home/askapache.com/.htpasswd
Require valid-user
</files>
15. Protect Multiple Files
<filesmatch "^(exec|env|doit|phpinfo|w)\.*$"="">
AuthName "Development"
AuthUserFile /.htpasswd
AuthType basic
Require valid-user
</filesmatch>
Source: http://www.angelmonticelli.com.ar/20...code-snippets/
16. Compress Text Files
<ifmodule mod_deflate.c="">
<filesmatch "\.(css|js|x?html?|php)$"="">
SetOutputFilter DEFLATE
</filesmatch>
</ifmodule>
17. Expire Headers
<ifmodule mod_expires.c="">
ExpiresActive On
ExpiresDefault "access plus 1 seconds"
ExpiresByType image/x-icon "access plus 2592000 seconds"
ExpiresByType image/jpeg "access plus 2592000 seconds"
ExpiresByType image/png "access plus 2592000 seconds"
ExpiresByType image/gif "access plus 2592000 seconds"
ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds"
ExpiresByType text/css "access plus 604800 seconds"
ExpiresByType text/javascript "access plus 216000 seconds"
ExpiresByType application/javascript "access plus 216000 seconds"
ExpiresByType application/x-javascript "access plus 216000 seconds"
ExpiresByType text/html "access plus 600 seconds"
ExpiresByType application/xhtml+xml "access plus 600 seconds"
</ifmodule>
18. Cache-Control Headers
<ifmodule mod_headers.c="">
<filesmatch "\.(ico|jpe?g|png|gif|swf)$"="">
Header set Cache-Control "max-age=2592000, public"
</filesmatch>
<filesmatch "\.(css)$"="">
Header set Cache-Control "max-age=604800, public"
</filesmatch>
<filesmatch "\.(js)$"="">
Header set Cache-Control "max-age=216000, private"
</filesmatch>
<filesmatch "\.(x?html?|php)$"="">
Header set Cache-Control "max-age=600, private, must-revalidate"
</filesmatch>
</ifmodule>
19. Turn ETags Off
<ifmodule mod_headers.c="">
Header unset ETag
</ifmodule>
FileETag None
20. Remove Last-Modified Header
<ifmodule mod_headers.c="">
Header unset Last-Modified
</ifmodule>
Source: http://www.samaxes.com/2009/01/more-...with-htaccess/
21. Banning A WordPress Spammer With .Htaccess
<limit get="" post="">
order allow,deny
deny from 200.49.176.139
allow from all
</limit>
Source: The easiest way to ban a WordPress spammer
22. How To: Deny Comment Posting To No Referrer Requests
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
23. Redirect Www To Non Www Or Vice Versa
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www.yourblogname.com [NC]
RewriteRule ^(.*)$ http://yourblogname.com/$1 [L,R=301]
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^yourblogname.com [NC]
RewriteRule ^(.*)$ http://www.yourblogname.com/$1 [L,R=301]
Source: http://www.webanddesigners.com/20-ht...-from-hacking/
24. Block Referring Domains
#block referring domains
RewriteEngine on
RewriteCond %{HTTP_REFERER} digg\.com [NC]
RewriteRule .* – [F]
25. Redirect Visitors To A Maintenance Page
RewriteEngine on
RewriteCond %{REQUEST_URI} !/maintenance.html$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123
RewriteRule $ /maintenance.html [R=302,L]
Source: Comment faire une page d’accueil pour les internautes
26. Allow Only Your IP Adress On The Wp-Admin Directory
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Example Access Control"
AuthType Basic
<limit get="">
order allow, deny
deny from all
allow from xx.xx.xx.xx
</limit>
Source: Protecting the WordPress wp-admin folder
27. Password-Protect Single File
<files secure.php="">
AuthType Basic
AuthName "Prompt"
AuthUserFile /home/path/.htpasswd
Require valid-user
</files>
28. Password-Protect Multiple Files
<filesmatch "^(execute|index|secure|insanity|biscuit)*$"=" ">
AuthType basic
AuthName "Development"
AuthUserFile /home/path/.htpasswd
Require valid-user
</filesmatch>
29. Redirect Any Request For Anything From Spamsite To Differentspamsite
RewriteCond %{HTTP_REFERER} ^http://.*spamsite.*$ [NC]
RewriteRule .* http://www.differentspamsite.com [R]
Redirect All Requests From Spamsite To An Image Of Something At Differentspamsite
RewriteCond %{HTTP_REFERER} ^http://.*spamsite.*$ [NC]
RewriteRule .* http://www.differentspamsite/something.jpg [R]
Redirect Traffic From A Certain Address Or Range Of Addresses To Another Site
RewriteCond %{REMOTE_ADDR} 192.168.10.*
RewriteRule .* http://www.differentspamsite.com/index.html [R]
Source: http://perishablepress.com/press/200...access-tricks/
30. Speed Up Your Site With .Htaccess Caching
# 1 YEAR
<filesmatch "\.(ico|pdf|flv)$"="">
Header set Cache-Control "max-age=29030400, public"
</filesmatch>
# 1 WEEK
<filesmatch "\.(jpg|jpeg|png|gif|swf)$"="">
Header set Cache-Control "max-age=604800, public"
</filesmatch>
# 2 DAYS
<filesmatch "\.(xml|txt|css|js)$"="">
Header set Cache-Control "max-age=172800, proxy-revalidate"
</filesmatch>
# 1 MIN
<filesmatch "\.(html|htm|php)$"="">
Header set Cache-Control "max-age=60, private, proxy-revalidate"
</filesmatch>
Source: http://www.askapache.com/htaccess/sp...s-caching.html
31. Redirect All WordPress Feeds To Feedburner
<ifmodule mod_alias.c="">
RedirectMatch 301 /feed/(atom|rdf|rss|rss2)/?$ http://feedburner.com/yourfeed/
RedirectMatch 301 /comments/feed/(atom|rdf|rss|rss2)/?$ http://feedburner.com/yourfeed/
</ifmodule>
Source: http://www.wprecipes.com/how-to-redi...-with-htaccess
32. Stop Spam On Your WordPress Blog
<ifmodule mod_rewrite.c="">
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourdomainname.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
</ifmodule>
Source: http://www.wprecipes.com/reduce-spam...using-htaccess
33. Deny Access To Your Wp-Config.Php File
# protect wpconfig.php
<files wp-config.php="">
order allow,deny
deny from all
</files>
34. Securing The .Htaccess
<files ~="" "^.*\.([hh][tt][aa])"="">
order allow,deny
deny from all
satisfy all
</files>
Source: http://www.onextrapixel.com/2011/11/...for-wordpress/
Warning: .htaccess files can do more harm than good if used incorrectly. You should always be careful when modifying your htaccess file: even a minor typographical error can make your site unusable!
So, be sure to keep the original working .htaccess as backup just in case you need to revert to original settings.