10 Ways to Use .htaccess to Speed Up WordPress
Posted on 10. Sep, 2009 by Alex Denning in .htaccess, Theme Development
Recently I’ve become more and more interested in the .htaccess file as a way to speed up and protect your site. Previously here on WPShout I’ve written an “A to Z of WordPress .htaccess Hacks”, which has been a very popular post, and today we’re going to look at ten easy methods to speed up WordPress with the .htaccess file. Not all of these apply specifically to WordPress; you could easily apply most of these to any other site.
Just before we start, make sure you always have a backup to hand as you may find some ‘things’ aren’t supported by your host and so your site could not load. Whenever you apply any changes, turn off Super Cache and check the site still works. If it doesn’t, load the backup and locate the problem before trying again.
1. Enable caching
Since using starting to use this on WPShout, I’ve really noticed a difference in load times. In a nutshell, we’re telling browsers to cache files with the extension x for x amount of time. That way, especially on image heavy sites (ie sites using Magazine themes), you can increase the load time a heck of a lot.
# 1 YEAR
Header set Cache-Control "public"
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"
Header unset Last-Modified
# 2 HOURS
Header set Cache-Control "max-age=7200, must-revalidate"
# CACHED FOREVER
# MOD_REWRITE TO RENAME EVERY CHANGE
Header set Cache-Control "public"
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"
Header unset Last-Modified
Source (I can’t remember where I found this; if anyone knows where the page is, leave a comment with the URL and I’ll update the post).
2. gzip files
gzip allows you to compress files, so obviously that means they load faster. The code below will gzip html, text, css, js and php files:
<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>3. Combine gzip and caching
Combining the two tips above, gzip and caching, the code below is a brilliant snippet from Samuel Santos‘ site:
# BEGIN Compress text files
SetOutputFilter DEFLATE
# END Compress text files
# BEGIN Expire headers
ExpiresActive On
ExpiresDefault "access plus 1 seconds"
ExpiresByType image/x-icon "access plus 2592000 seconds"
ExpiresByType image/jpeg "access plus 2592000 seconds"
ExpiresByType image/png "access plus 2592000 seconds"
ExpiresByType image/gif "access plus 2592000 seconds"
ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds"
ExpiresByType text/css "access plus 604800 seconds"
ExpiresByType text/javascript "access plus 216000 seconds"
ExpiresByType application/x-javascript "access plus 216000 seconds"
ExpiresByType text/html "access plus 600 seconds"
ExpiresByType application/xhtml+xml "access plus 600 seconds"
# END Expire headers
# BEGIN Cache-Control Headers
Header set Cache-Control "max-age=2592000, public"
Header set Cache-Control "max-age=604800, public"
Header set Cache-Control "max-age=216000, private"
Header set Cache-Control "max-age=600, private, must-revalidate"
# END Cache-Control Headers
# BEGIN Turn ETags Off
Header unset ETag
FileETag None
# END Turn ETags Off
# BEGIN Remove Last-Modified Header
Header unset Last-Modified
# END Remove Last-Modified Header
4. Stop hotlinking
When someone hotlinks an image on your site, that’s using up your resources and so potentially slowing down your site. Thankfully, it’s really easy to stop hotlinking with the following .htaccess trick:
#disable hotlinking of images with forbidden or custom image option
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
#RewriteRule \.(gif|jpg)$ - [F]
RewriteRule \.(gif|jpg)$ http://www.yourdomain.com/stophotlinking.jpg [R,L]5. Stop spammers
Just like hotlinking, every time a spammer comes on to your site, they’re using your resources, so by stopping spammers you can free up said resources and speed up your site. There are a number of ways of doing this; Perishable Press has some brilliant blacklists, but often highlighted as the tell tale sign of a spam comment is the no refferer; it seems to have come from nowhere. The following will stop no referrer requests and therefore stop spam also:
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]6. Block spammers
After stopping spammers, we’re now blocking them too! Change the line deny from 123.346 etc to include the IP of said spammer.
<Limit GET POST PUT>
order allow,
deny allow from all
deny from 123.456.789
</LIMIT>7. Use PHP compression
Another compression technique, this time for PHP. At this rate, your blog will be compressed to 1kb!
# php compression – use with caution
<ifmodule mod_php4.c>
php_value zlib.output_compression 16386
</ifmodule>SourceIf you want to pass comptia a+ and ccnp then testking ccna is right option for you.
8. WP Super Cache
The single plugin that everyone always points at as a tool to speed up your blog, Super Cache generates static .html files of WordPress generated pages. It qualifies to be on this list as mobile support requires you to edit the .htaccess file (see the plugin’s options page). Asides from that, it really is a great tool for speeding up your blog and should help you survive any social media barrage you receive.
9. Stop scrapers
The low life that scrape your content are too using up your resources, and they can be stopped from accessing your RSS feed if you’ve got their IP address and the code below in your .htaccess.
RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^69.16.226.12
RewriteRule ^(.*)$ http://newfeedurl.com/feed10. Practice good security
I thought I’d write up a post about speeding up WordPress with .htaccess after needing to do so myself, and in a blatant attempt to get some social media traffic, I’ve (obviously) put it in ‘top ten’ format. When writing this though, it became apparent quite quickly that finding ten things to write about was going to be a bit of a struggle, hence the shift towards looking at security. Tip ten ‘practice good security’ is just that; a number of techniques that you can implement that will help in keeping spammers off your site. By doing this, as I said previously, you can free up resources for other your readers to use. Regular readers will have read another article on WPShout about .htaccess, ‘A to Z of WordPress .htaccess Hacks‘, and throughout this post I’ve been trying to stay clear of the code snippets in that post, but the following snippets all come from that post:
Allow access to the wp-login file to only certain IP addresses (ie yours!)
<Files wp-login.php>
Order deny,allow
Deny from All
Allow from 123.456.789.0
</Files>Rename the .htaccess file (thus making it harder to find)
# rename htaccess files
AccessFileName ht.accessProtect the .htaccess
# STRONG HTACCESS PROTECTION</code>
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>Disable directory browsing (thus stopping visitors finding what plugins you’re using etc)
# disable directory browsing
Options All -IndexesAnd with that, we’re done. If you enjoyed this post, check out ‘A to Z of WordPress .htaccess Hacks‘, save it to your favourite social bookmarking site, subscribe by RSS and/or follow me on Twitter. Any questions feel free to leave a comment.
Related posts:
Enjoyed the post? We'll see you on Twitter or in your RSS reader!
Alex Denning is the founder of WPShout. A WordPress developer from London, Alex co-founded WPShift at the start of 2010 where he sells awesome WordPress themes.
You can find Alex on Twitter and at AlexDenning.com.
52 Responses to “10 Ways to Use .htaccess to Speed Up WordPress”
Trackbacks/Pingbacks
[...] 10 Ways To Use .htaccess To Speed Up WordPress (wpshout.com) [...]
[...] als letztes noch für unsere Blogger : 10 Wege seinen Blog zu beschleunigen, hauptsächlich durch geschickten Einsatz der .htaccess Datei. Den Tipp mit WP-Supercache haben wir [...]
[...] 10 Ways to Use .htaccess to Speed Up WordPress [...]
[...] – 10 Ways To Use .htaccess To Speed Up WordPress [...]
[...] 10 Ways to Use .htaccess to Speed Up WordPress | WPShout.com [...]
[...] 10 Ways to Use .htaccess to Speed Up WordPress – An “A to Z of WordPress .htaccess Hacks”, from (wpshout.com) [...]
[...] bit tricky for anyone who has never done this before, but here is a great link to learn how to stop scrappers [item #9]. Basically you are blocking the access of the scrappers from receiving your blog and rss [...]
[...] bit tricky for anyone who has never done this before, but here is a great link to learn how to stop scrappers [item #9]. Basically you are blocking the access of the scrappers from receiving your blog and rss [...]
[...] bit tricky for anyone who has never done this before, but here is a great link to learn how to stop scrappers [item #9]. Basically you are blocking the access of the scrappers from receiving your blog and rss [...]
[...] bit tricky for anyone who has never done this before, but here is a great link to learn how to stop scrapers [item #9]. Basically you are blocking the access of the scrappers from receiving your blog and rss [...]
[...] 10 Ways To Use .htaccess To Speed Up WordPress [...]
[...] Cache turned on, it’s loading just over a second!WP Super Cache3. Caching with .htaccess!As I wrote a while ago, it’s really easy to cache your files with the .htaccess file – the following code can [...]
[...] bit tricky for anyone who has never done this before, but here is a great link to learn how to stop scrapers [item #9]. Basically you are blocking the access of the scrappers from receiving your blog and rss [...]
[...] 10 Ways to Use .htaccess to Speed Up WordPress [...]
[...] You might also want to use .htaccess to speed up your wordpress site. [...]
[...] are the various sections of code to copy into your .htaccess file. It works! This baby really flies along now. Share and [...]
Leave a Reply
- WordPress Theme Design Basics
- Create An Advanced Options Page in WordPress
- Premium Frameworks Reviewed
- Creating A Tumblog With WordPress
- 10 Practical WordPress Security Tips
- A to Z of WordPress .htaccess Hacks
- WordPress Theme Design Basics
- 10 WordPress Plugins That Every Blog Needs
- 10 Awesome Things To Do With WordPress' Custom Fields
- How To Stop An Eithical Hacker Breaking Into Your WordPress Site
Duncan
10. Sep, 2009
Great collection of .htaccess techniques here. The security ones in particular are essential to have a secure WordPress site.
Alex Denning
10. Sep, 2009
And that’s especially true in these days of blogging (see recent uproar). The .htaccess file it one of the best ways to secure your site, although that wasn’t really the aim of this post!
NICOLAS
10. Sep, 2009
Nice man! Good tricks.
.-= NICOLAS´s last blog ..Infnet: Ciclo de Palestras Gratuitas – Setembro =-.
Karl Foxley
10. Sep, 2009
Okay, this post went by in my Twitter stream as a re-tweet and also as a status update on Facebook so I thought I would come and check it out.
This is certainly a great post and well worth sharing.
Regards,
Karl
.-= Karl Foxley´s last blog ..Explode Your Tweets With Tweet Dynamite =-.
Alex Denning
10. Sep, 2009
Glad you liked it!
Brett Widmann
11. Sep, 2009
Awesome post. I’m just getting into the possibilities that .htaccess files have to offer. This post really adds a lot to the mix of possibilities!
.-= Brett Widmann´s last blog ..August Updates =-.
Ann Graves
12. Sep, 2009
The stop hotlinking worked a treat. I just wish there was a way to send the hotlinker some perverted x rated photos instead of the ones he/she is stealing.
.-= Ann Graves´s last undefined ..If you register your site for free at =-.
Jared Earle
14. Sep, 2009
You can redirect to some pervy xXx pics, as long as you have access to the photos. Create a random image picker in PHP and change the last line as follows:
RewriteRule \.(gif|jpg)$ http://www.yourdomain.com/grumblepics.php [R,L]
As long as your grumblepics.php random smut page outputs a JPEG mime type, it’ll serve an inopportune picture. This sort of thing was used to great effect here: http://www.b3ta.com/links/273385
.-= Jared Earle´s last blog ..Daily iPhone photos =-.
Jared Earle
14. Sep, 2009
This post is a bit of a tricky one to deal with. Instead of in .htaccess, all these changes should be done in the Apache config for the virtual host.
If you use an .htaccess file, it gets read and interpreted every time, causing a performance hit, whereas if you put the changes directly in the Apache config, the modifications are read once and applied more efficiently.
.-= Jared Earle´s last blog ..Daily iPhone photos =-.
Simon
15. Sep, 2009
Renaming the htaccess file is very dangerous ! All files prefixed with à dot can’t be accessed by browsers which means that if you rename your .htaccess file to ht.access file, the file will be readable to everyone ! I really don’t understand what you”re trying to do…
All other points are quite interesting though, thanks
Alex Denning
16. Sep, 2009
Fair point. The idea is that the file can’t be automatically searched for as it won’t exist, hence your security will be better.
Josh L
15. Sep, 2009
Any tips for automating this process?
.-= Josh L´s last blog ..FreshCut Presents YUI Slideshow =-.
Alex Denning
16. Sep, 2009
Afraid not, although it shouldn’t be too much effort to copy and paste!
Andrea
16. Sep, 2009
Point 1: What is the difference between 1 Year cache and Forever Cache?
Alex Denning
16. Sep, 2009
One caches forever and the other caches for a year.
mwaterous
21. Sep, 2009
Good post, lots of great information for people who are learning about .htaccess. The source you’re looking for in your first item there is askapache.com, specifically http://www.askapache.com/htaccess/apache-speed-cache-control.html – they’ve got some other great mod_rewrite rules and tips for WordPress users on the http://www.askapache.com/htaccess/htaccess.html page as well.
.-= mwaterous´s last blog ..WordPress is currently down for maintenance =-.
Steve Firth
23. Sep, 2009
Am converting my main site to WordPress in the near future so looking to make it as quick and secure as possible, some great tips, bookmarked for later.
matt
23. Sep, 2009
I like the rule about the using mod_gzip to compress lots of things – thats a much better set of rules than I have seen elsewhere — going to give that a shot now. We have something else that compresses just the pages before they are sent, and we compress our cache before it is stored, so that it can then be sent right away.
Also the way of setting the cache-control looks pretty good. We will have check those resources as well.
.-= matt´s last blog ..3 Tips For Your Internet Marketing Sales Funnel Plan Posted By: Lonnie Minton =-.
Ayah Drajat
24. Sep, 2009
Waow, amazing technic for speeding up blog with wordpress engine. thanks
.-= Ayah Drajat´s last blog ..Ayah Drajat Friends Share =-.
Goob
30. Sep, 2009
Just make sure you completely understand what you’re doing before messing with the .htaccess file. I put into place Step 1 verbatim and five days later learned that a large chunk of my readers had stopped receiving any updates whatsoever. Not throwing stones, just a friendly warning
.-= Goob´s last blog ..Free Always Infinity =-.
Alex Denning
19. Oct, 2009
Yeah. Tis true you’ve got to be careful! Just remember to always have a backup and check not just yourself but email a couple of readers to check.
Comment Name Violation
04. Oct, 2009
Amazing techniques to speed up blog… Thanks for sharing
Harsh Agrawal
19. Oct, 2009
Hey Alex
Thats a very useful connection but its only step 9 which i might not enable on my blog ever because this may create problem in terms of blocking an Entire network..
.-= Harsh Agrawal´s last blog ..How to Configure WordPress SEO Smart link Plugin =-.
Zia
23. Oct, 2009
Dude!
You have a great collection of this tricks…. Will u do Link Exchange with my wordpress blog? http://ultramaxzone.com
Or can I write your post and give the source to here?
Thanx in Advance!!
Alex Denning
27. Oct, 2009
Sorry, at this time no. I’d also appreciate it if you cite your sources on the .htaccess article that’s on your blog – looks an awful lot like some of the tips here.
nazcar
13. Dec, 2009
great techniques. thank you for sharing
Den
26. Dec, 2009
It worked like a charm…
Michael Pehl
09. Jan, 2010
Very useful tipps. Thank you for sharing
Julius Kuhn-Regnier
02. Feb, 2010
Alex, you’ve got some nice tips here, thanks. I haven’t really seen most of them on other blogs. I will include them in my article on Speeding up WordPress.
Alex Denning
02. Feb, 2010
Thanks mate
Just one request though – WordPress not WordPress!
Zia
27. Mar, 2010
Heya man,
Before When I commented i didnt checked this blog again.. Now when i saw the traffic i got sum from here.. So checked and i rember now that i told that i wll give u credit…
Will edit the post by day after tommorow and inform u
thanx
Zia
27. Mar, 2010
hi
Before When I commented i didnt checked this blog again.. Now when i saw the traffic i got sum from here.. So checked and i rember now that i told that i wll give u credit…
Will edit the post by day after tommorow and inform u
thanx
Doug Wilson
20. Apr, 2010
Won’t that “no referrer” block people who have bookmarked the site?
Jack Fisher
30. May, 2010
compressor already working thanks
good tips about htaccess file.
Den
24. Jul, 2010
Using it in my .htaccess…no more email address harvesting and no more spams email. Comments spam stopped completely and secure protection from malware codes injection from hackers…
Colin
24. Aug, 2010
Just a question from a newbie.
I’m wondering if the first 3 options for .htaccess referring to gzip and cache don’t affect the functionality of W3 Total Cache plugin. Are they safe to be used with W3TC?
Thanks!