One thing I would always love about the .htaccess file in a website root directory is its ability to override configuration settings which includes server’s global configuration, content type and character set. With this in mind, it is simply possible to perform lots of functions on your wordpress blog using the .htacces files, functions such as securing your wordpress blog.
If up till now you do not know what the .htaccess file is, let me explain
What is a .htaccess file
According to Wikipedia, A .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration. They are placed inside the web tree, and are able to override a subset of the server’s global configuration for the directory that they are in, and all sub-directories.
Now you know a .htaccess file is, let’s move on to 10 tricks you can use the .haccess file to improve your wordpress blog.
How to Improve Your WordPress Blog Using .htaccess
- Redirect WordPress Feeds to Feedburner
Do you want to redirect your WordPress Feeds to your Feedburner address, add this to your .htaccess file.
# temp redirect wordpress content feeds to feedburner
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} !FeedBurner [NC]
RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC]
RewriteRule ^feed/?([_0-9a-z-]+)?/?$ http://feeds.feedburner.com/webanddesigners [R=302,NC,L]
</IfModule>
- Block or Ban a Specific IP
You can ban an IP using the .htaccess file, the list of IP’s should be changed to the one you wish to BAN
<Limit GET POST PUT>
order allow,deny
allow from all
deny from 123.456.789
deny from 93.121.788
deny from 223.956.789
deny from 128.456.780
</LIMIT>
- Deny access to your wp-config.php file
You can block access from your wp-config.php file, it contains stuff like database username,name and password. Blocking it would help secure your blog.
# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>
- Redirect error to Customized 404, 403, 500 and other error pages
You can create a customized error page such as 404 Error Page, 500 Error Page and other error pages. Simply create files in your root directory with designs for your Error Pages. For instance for 404 Error, create a 404.php design in your root directory and now add the below code to your .htaccess.
# custom error pages
ErrorDocument 401 /err/401.php
ErrorDocument 403 /err/403.php
ErrorDocument 404 /err/404.php
ErrorDocument 500 /err/500.php
- Checkspelling
Adding a Simple Auto Correct check spelling to your wordpress blog.
<IfModule mod_speling.c>
CheckSpelling On
</IfModule>
- Allow only your IP on wp-admin
If you do not run a multiple author blog and wish to allow only your IP to the wp-admin login page, then this is for you.
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Wordpress Admin Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
allow from xx.xx.xx.xx
</LIMIT>
- Redirect www to non www or vice versa
To redirect from www to non www use this
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www.yourblogname.com [NC]
RewriteRule ^(.*)$ http://yourblogname.com/$1 [L,R=301]
To redirect from non www to www use this
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^yourblogname.com [NC]
RewriteRule ^(.*)$ http://www.yourblogname.com/$1 [L,R=301]
- Redirect Day and name permalinks to /%postname%/
Lets say you Moved from Blogger to wordpress, your sites post permalinks would have the date and year inclusive. You can use this .htaccess trick to redirect such permalinks to %postname% structure.
RedirectMatch 301 /([0-9]+)/([0-9]+)/([0-9]+)/(.*)$ http://www.domain.com/$4
- Redirect visitors to a maintenance page
Let’s say you are working on your blog and you wish to redirect your visitors to a Maintenance Page, here is what you need.
RewriteEngine on
RewriteCond %{REQUEST_URI} !/maintenance.html$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123
RewriteRule $ /maintenance.html [R=302,L]
- Secure Plugin Files
There might be known loopholes in particular plugin unknown to, here is how to secure all your Plugin Files on wordpress.
<Files ~ "\.(js|css)$">
order allow,deny
allow from all
</Files>
Now you know the power of .htaccess file. Implement these wonderful tips at once. Remember, sharing is caring.
16 Comments
A True Prodigy, thanks for this wonderful article, i so much appreciate it.
You are welcome bro. Glad you found it a useful guide.
You won’t stop amazing us. Thanks for this blog security tips.
Anytime…
Bro… Wont it cause server problem? I mean the secure plugin
It won’t. Unless you mess up with your .htaccess file. But it is usually recommended that you keep a backup of your .htacces file before editing it.
Thanks Oscar, you’re always known for teaching wonderful tutorial that can’t be gotten anywhere else. I’m still new on wordpress blog but I believe I can learn a lots from your blog. Come to think of it, I don’t really know much about .htacces but from what I just read on your blog now, I believe it will solve one of my problem which is my email subscribers could not get my new update. Thanks for doing what you know how to do
I’m glad it solved your blogging need, and you now know what the .htaccess file is all about.
Ok… I will try them out.
That would be great bro.
wow nice share bro, it really helpful tanx
Glad you find it a useful resource.
Too gud oh
Thanks for coming by.
Bro please where should we add this code in the .htaccess file? Below other codes or above?
Where will i be posting the codes