10 awesome .htaccess hacks for WordPress

by Jean.

.htaccess, the file which control the Apache webserver, is very useful and allows you to do a lot of things. In this article, let’s see how .htaccess can help you with your WordPress blog, for both security,functionnality and usability.

Warning

When editing or modifying the .htaccess file of your WordPress blog, make sure to always have a backup that you can restore in case of something went wrong.

1 – Redirect WordPress RSS feeds to feedburner with .htaccess

Which blogger doesn’t use feedburner? Sure, feedburner is a very nice service, allowing you to know how many people suscribed to your rss feeds. The only problem is that you must edit your theme files to manually change the rss url. Happilly, there’s a nice hack, using .htaccess, which will make you save a lot of time!
Don’t forget to modify line 6 before applying this code!

# temp redirect wordpress content feeds to feedburner
<IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{HTTP_USER_AGENT} !FeedBurner    [NC]
 RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC]
 RewriteRule ^feed/?([_0-9a-z-]+)?/?$ http://feeds2.feedburner.com/catswhocode [R=302,NC,L]
</IfModule>

Source: How to redirect WordPress rss feeds to feedburner

2 – Remove /category/ from your WordPress url

By default, WordPress category permalinks are displayed that way:

http://www.catswhocode.com/blog/category/wordpress

As you can see, the category in the url is pretty useless. Here’s how to remove it:
First backup your .htaccess file. Then, open it and append the following line:

RewriteRule ^category/(.+)$ http://www.yourblog.com/$1 [R=301,L]

Once saved, your categories pages will be displayed like this:

http://www.catswhocode.com/blog/wordpress

Source: How to remove category from your WordPress url

3 – Using browser cache

A very good way to optimize your blog loading time is to force the use of the browser cache. This code will not improve your blog loading time directly, but it will save some work to the server by sending a 304 not modified status when the requested element haven’t been modified.

FileETag MTime Size
<ifmodule mod_expires.c>
  <filesmatch "\.(jpg|gif|png|css|js)$">
       ExpiresActive on
       ExpiresDefault "access plus 1 year"
   </filesmatch>
</ifmodule>

Source: Comment accelerer le temps de chargement de votre blog

4 – Compress static data

Do you know that it is possible to send compressed data to the visitors, which will be decompressed by the client? This code will definitely save you (and your visitor) bandwidth and reduce your pages weight.

AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html

5 – Redirect Day and name permalinks to /%postname%/

The first thing to do is to login to your WordPress admin, go to Settings → Permalinks and select custom. Fill out the field with /%postname%/.
Your permalinks will now look like the ones on this blog:

http://www.yourblog.com/name-of-the-post

Now we got to redirect all backlinks using the old permalinks structure to the new permalink structure. To do so, you’ll have to edit the .htaccess file, located in WordPress root directory.
Paste the following line in your .htaccess:

RedirectMatch 301 /([0-9]+)/([0-9]+)/([0-9]+)/(.*)$ http://www.domain.com/$4

Allright! You just changed your permalinks structure without loosing any backlinks!
Source: Redirect day and name permalinks to postname

6 – How to: Deny comment posting to no referrer requests

Are you sick and tired about the daily amount of spam comments received? Sure, there’s akismet, but here’s a little .htaccess trick to prevent spammers posting on your blog. The fact is that most spammers uses bots comming from nowhere. This code will look for the referrer (the page from where the commentator come from) and will deny commenting if the commentator try to access the wp-comments-post.php file without directly comming from your blog.
Just change the line 4 and specify your blog url there.

RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

Source: How to deny comment posting to no referrer requests

7 – Redirect visitors to a maintenance page

When you’re upgrading your blog, or making theme/design changes, it isn’t a good idea to let people see your blog being tweaked, sometimes with design or code problems, or even worst, security gaps.
The solution is to design a nice “maintenance page” and temporarily redirect your visitors to that page until you finished the maintenance.
Replace maintenance.html (line 2) by the page you’d like to redirect your visitors, and the IP adress on line 3 by your own ip.
Note that a 302 redirection is used, to avoid search engines indexing the maintenance page instead of your real homepage!

RewriteEngine on
RewriteCond %{REQUEST_URI} !/maintenance.html$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123
RewriteRule $ /maintenance.html [R=302,L]

Source: Comment faire une page d’accueil pour les internautes

8 – Protect your WordPress blog from hotlinking

Hotlinking is the use of an image from one site into a web page belonging to another site. Many bloggers are hotlinked, and have their bandwidth used on another websites. This very helpful code will protect your WordPress blog from hotlinking.

RewriteEngine On
#Replace ?mysite\.com/ with your blog url
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
#Replace /images/nohotlink.jpg with your "don't hotlink" image url
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]

Source: How to protect your WordPress blog from hotlinking

9 – Allow only your IP adress on the wp-admin directory

Excepted the case of a collaborative blog, only you should be allowed to visit the wp-admin directory. If you have a static IP, this code will do the job.
All you have to do is to enter your static IP adress on line 8. Note that you can add more IPs if needed, by creating a new line with: allow from xx.xx.xxx.xx inside.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Example Access Control"
AuthType Basic
<LIMIT GET>
order allow, deny
deny from all
allow from xx.xx.xx.xx
</LIMIT>

Source: Protecting the WordPress wp-admin folder

10 – Banning a WordPress Spammer With .htaccess

You know it, spam is very annoying. In the case of a particular person/bot spamming you, you can easily avoid it by blacklisting the IP.
Simply replace the IP adress on line 3 by the spammer’s IP. You can add more spammers by creating a new line with deny from xxx.xx.xxx.xxx inside.

<Limit GET POST>
order allow,deny
deny from 200.49.176.139
allow from all
</Limit>

Source: The easiest way to ban a WordPress spammer

CWC Special Deal!

Get one year of quality hosting + domain from A Small Orange for only $40 with our exclusive deal!

Featured WordPress Theme

Videobox - Video / Magazine / WooCommerce WordPress Theme