dev-resources.site
for different kinds of informations.
WordPress Optimization Techniques Using .htaccess
Optimizing WordPress using the .htaccess file involves implementing directives to enhance site performance, security, and functionality. Below are key techniques with examples:
1. Enable GZIP Compression
Compress files to reduce their size and speed up loading times.
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json application/x-javascript application/xml application/xhtml+xml application/rss+xml application/atom_xml application/font-woff application/font-woff2 image/svg+xml
</IfModule>
2. Leverage Browser Caching
Cache static resources in the user's browser.
<IfModule mod_expires.c>
ExpiresActive On ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 2 days"
</IfModule>
3. Prevent Hotlinking
Stop other sites from embedding your images.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(www\.)?yourwebsite\.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [F,NC,L]
</IfModule>
4. Block Bad Bots
Prevent access from known malicious bots.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^.*(badbot|evilbot|maliciousbot).*$ [NC]
RewriteRule .* - [F,L]
</IfModule>
5. Disable Directory Browsing
Prevent listing files in directories.
Options -Indexes
6. Limit Access to wp-config.php
Secure your critical WordPress configuration file.
<Files wp-config.php>
order allow,deny
deny from all
</Files>
7. Protect .htaccess File
Prevent others from modifying the .htaccess file.
<Files .htaccess>
order allow,deny
deny from all
</Files>
8. Redirect HTTP to HTTPS
Force your website to use HTTPS.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
9. Limit Post Request Size
Prevent large requests to mitigate DoS attacks.
LimitRequestBody 10485760
10. Enable CORS
Allow resources to be shared across domains (useful for APIs and fonts).
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
11. Restrict Access to Admin Area
Restrict wp-admin access to specific IPs.
<FilesMatch "wp-login.php">
order deny,allow
Deny from all
Allow from 123.456.789.0
</FilesMatch>
12. Enable Keep-Alive
Improve connection handling.
<IfModule mod_headers.c>
Header set Connection keep-alive
</IfModule>
13. Remove ETags
Reduce overhead by disabling ETags.
<IfModule mod_headers.c>
Header unset ETag
</IfModule>
FileETag None
14. Optimize Default WordPress .htaccess
Include clean permalink rules and other optimizations.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
These optimizations should be tested thoroughly to ensure compatibility with your WordPress setup and server configuration. Back up your .htaccess file before making changes.
Featured ones: