The enduring popularly of .htaccess files as the way for webhosts to allow people to take a little more control over the web server is high. Almost all Apache webservers administered by hosting companies will support .htaccess files. If you’re on a host that uses Nginx only, all of these points are completely irrelevant. If you’re unsure, just ask your host. Off the top of my head the only host I distinctly remember learning wasn’t running Apache was WP Engine. Most others so, so without further ado, today we’re going to look at ten easy methods to speed up WordPress with the .htaccess file.
It’s worth knowing that .htaccess files at an Apache server thing, not a WordPress thing. So not all of these apply specifically to WordPress; you could easily apply most of these to any other site. How Apache fits in with the other technologies in use on a WordPress site is explained in this article:
A WordPress LAMP?! An Introduction to WordPress Infrastructure
Before We Begin: Make a Backup
Just before we start, make sure you always have a backup to hand as you may find some of these changes aren’t supported by your host and so your site could not load. For .htaccess files, a common solution is to create a duplicate—maybe .htaccess_pretweaks.
Then when you make your changes, it you need to rollback, just rename that file by dropping the suffix.
Additionally, whenever you apply changes, you may not be able to immediately tell, given the caching layers your site may have. Most of these shouldn’t be affected by that weirdness, but in the last few years I’ve heard more stories of people a little confused by weird caching layers, so do keep it in mind.
1. Enable caching
Since using starting to use this on [wp], I’ve really noticed a difference in load times. In a nutshell, we’re telling browsers to cache files with the extension x for x amount of time. That way, especially on image heavy sites (ie sites using Magazine themes), you can increase the load time a heck of a lot.
# 1 YEAR
Header set Cache-Control "public"
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"
Header unset Last-Modified
# 2 HOURS
Header set Cache-Control "max-age=7200, must-revalidate"
# CACHED FOREVER
# MOD_REWRITE TO RENAME EVERY CHANGE
Header set Cache-Control "public"
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"
Header unset Last-Modified
2. gzip files
gzip allows you to compress files, so obviously that means they load faster. The code below will gzip html, text, css, js and php files:
<ifModule mod_gzip.c> mod_gzip_on Yes mod_gzip_dechunk Yes mod_gzip_item_include file \.(html?|txt|css|js|php)$ mod_gzip_item_include handler ^cgi-script$ mod_gzip_item_include mime ^text/.* mod_gzip_item_include mime ^application/x-javascript.* mod_gzip_item_exclude mime ^image/.* mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.* </ifModule>
3. Combine gzip and caching
Combining the two tips above, gzip and caching, the code below is a brilliant snippet from Samuel Santos‘ site:
# BEGIN Compress text files SetOutputFilter DEFLATE # END Compress text files # BEGIN Expire headers ExpiresActive On ExpiresDefault "access plus 1 seconds" ExpiresByType image/x-icon "access plus 2592000 seconds" ExpiresByType image/jpeg "access plus 2592000 seconds" ExpiresByType image/png "access plus 2592000 seconds" ExpiresByType image/gif "access plus 2592000 seconds" ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds" ExpiresByType text/css "access plus 604800 seconds" ExpiresByType text/javascript "access plus 216000 seconds" ExpiresByType application/x-javascript "access plus 216000 seconds" ExpiresByType text/html "access plus 600 seconds" ExpiresByType application/xhtml+xml "access plus 600 seconds" # END Expire headers # BEGIN Cache-Control Headers Header set Cache-Control "max-age=2592000, public" Header set Cache-Control "max-age=604800, public" Header set Cache-Control "max-age=216000, private" Header set Cache-Control "max-age=600, private, must-revalidate" # END Cache-Control Headers # BEGIN Turn ETags Off Header unset ETag FileETag None # END Turn ETags Off # BEGIN Remove Last-Modified Header Header unset Last-Modified # END Remove Last-Modified Header
4. Stop hotlinking
When someone hotlinks an image on your site, that’s using up your resources and so potentially slowing down your site. Thankfully, it’s really easy to stop hotlinking with the following .htaccess trick:
#disable hotlinking of images with forbidden or custom image option RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC] #RewriteRule \.(gif|jpg)$ - [F] RewriteRule \.(gif|jpg)$ http://www.yourdomain.com/stophotlinking.jpg [R,L]
5. Stop spammers
Just like hotlinking, every time a spammer comes on to your site, they’re using your resources, so by stopping spammers you can free up said resources and speed up your site. There are a number of ways of doing this; Perishable Press has some brilliant blacklists, but often highlighted as the tell tale sign of a spam comment is the no refferer; it seems to have come from nowhere. The following will stop no referrer requests and therefore stop spam also:
RewriteEngine On RewriteCond %{REQUEST_METHOD} POST RewriteCond %{REQUEST_URI} .wp-comments-post\.php* RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR] RewriteCond %{HTTP_USER_AGENT} ^$ RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
6. Block spammers
After stopping spammers, we’re now blocking them too! Change the line deny from 123.346 etc to include the IP of said spammer.
<Limit GET POST PUT> order allow, deny allow from all deny from 123.456.789 </LIMIT>
7. Use PHP compression
Another compression technique, this time for PHP. At this rate, your blog will be compressed to 1kb!
# php compression – use with caution <ifmodule mod_php4.c> php_value zlib.output_compression 16386 </ifmodule>
8. WP Super Cache
The single plugin that everyone always points at as a tool to speed up your blog, Super Cache generates static .html files of WordPress generated pages. It qualifies to be on this list as mobile support requires you to edit the .htaccess file (see the plugin’s options page). Asides from that, it really is a great tool for speeding up your blog and should help you survive any social media barrage you receive.
9. Stop scrapers
The low life that scrape your content are too using up your resources, and they can be stopped from accessing your RSS feed if you’ve got their IP address and the code below in your .htaccess.
RewriteEngine on RewriteCond %{REMOTE_ADDR} ^69.16.226.12 RewriteRule ^(.*)$ http://newfeedurl.com/feed
10. Practice good security
I thought I’d write up a post about speeding up WordPress with .htaccess after needing to do so myself, and in a blatant attempt to get some social media traffic, I’ve (obviously) put it in ‘top ten’ format. When writing this though, it became apparent quite quickly that finding ten things to write about was going to be a bit of a struggle, hence the shift towards looking at security. Tip ten ‘practice good security’ is just that; a number of techniques that you can implement that will help in keeping spammers off your site. By doing this, as I said previously, you can free up resources for other your readers to use. Regular readers will have read another article on [wp] about .htaccess, ‘A to Z of WordPress .htaccess Hacks‘, and throughout this post I’ve been trying to stay clear of the code snippets in that post, but the following snippets all come from that post:
Allow access to the wp-login file to only certain IP addresses (ie yours!)
<Files wp-login.php> Order deny,allow Deny from All Allow from 123.456.789.0 </Files>
Rename the .htaccess file (thus making it harder to find)
# rename htaccess files AccessFileName ht.access
Protect the .htaccess
# STRONG HTACCESS PROTECTION</code> <Files ~ "^.*\.([Hh][Tt][Aa])"> order allow,deny deny from all satisfy all </Files>
Disable directory browsing (thus stopping visitors finding what plugins you’re using etc)
# disable directory browsing Options All -Indexes
And with that, we’re done. If you enjoyed this post, check out ‘A to Z of WordPress .htaccess Hacks‘, save it to your favourite social bookmarking site, [s] and/or [t]. Any questions feel free to leave a comment.
Oops, sorry, didn’t realize this was an HTML imput. 🙂
It should read:
Thanks for the resource! Just wanted to give you a heads up that your code is not wrapping but is extending past the page in Chrome. You probably already know this, but if you use white-space: pre-line on the pre that will fix it.
I am getting 500 internal server error, why is this so? Am using WordPress and its really pissing me off. Totally tired 🙁
thanks for share, this is the best htaccess
Everything is good jobs
For #6 to block spammers, do you just add the complete line “deny from 123.456.789” for each ip address? Thanks
Wow, I was completely unaware that I could stop spammers on my blog by just updated the htaccess code. Thanks for all the tips I’m going to give them a shot!
[…] Use htaccess to Speed up WordPress (from WPShout) […]
nice collection indeed!
all of my projects are WordPress based. these are surely handy.
thanks
Good technique these the ways to use .htaccess.
Thanks for shairng…
If I just paste No.3 into my htaccess will it just work? I am on a shared Linux server, with cpanel access only (if that helps answer yes/no).
Just a question from a newbie.
I’m wondering if the first 3 options for .htaccess referring to gzip and cache don’t affect the functionality of W3 Total Cache plugin. Are they safe to be used with W3TC?
Thanks!
Hey Colin!
These options are already valid in W3TC. I guess there’s no need to manually activate them once again. Paul
Using it in my .htaccess…no more email address harvesting and no more spams email. Comments spam stopped completely and secure protection from malware codes injection from hackers…
compressor already working thanks
good tips about htaccess file.
Won’t that “no referrer” block people who have bookmarked the site?
[…] are the various sections of code to copy into your .htaccess file. It works! This baby really flies along now. Share and […]
hi
Before When I commented i didnt checked this blog again.. Now when i saw the traffic i got sum from here.. So checked and i rember now that i told that i wll give u credit…
Will edit the post by day after tommorow and inform u
thanx 🙂
Heya man,
Before When I commented i didnt checked this blog again.. Now when i saw the traffic i got sum from here.. So checked and i rember now that i told that i wll give u credit…
Will edit the post by day after tommorow and inform u
thanx 🙂
Alex, you’ve got some nice tips here, thanks. I haven’t really seen most of them on other blogs. I will include them in my article on Speeding up WordPress.
Thanks mate 🙂
Just one request though – WordPress not WordPress!
Very useful tipps. Thank you for sharing 🙂
[…] You might also want to use .htaccess to speed up your wordpress site. […]
It worked like a charm…
great techniques. thank you for sharing
[…] 10 Ways to Use .htaccess to Speed Up WordPress […]
[…] bit tricky for anyone who has never done this before, but here is a great link to learn how to stop scrapers [item #9]. Basically you are blocking the access of the scrappers from receiving your blog and rss […]
Sorry, at this time no. I’d also appreciate it if you cite your sources on the .htaccess article that’s on your blog – looks an awful lot like some of the tips here.
[…] Cache turned on, it’s loading just over a second!WP Super Cache3. Caching with .htaccess!As I wrote a while ago, it’s really easy to cache your files with the .htaccess file – the following code can […]
[…] 10 Ways To Use .htaccess To Speed Up WordPress […]
[…] bit tricky for anyone who has never done this before, but here is a great link to learn how to stop scrapers [item #9]. Basically you are blocking the access of the scrappers from receiving your blog and rss […]
[…] bit tricky for anyone who has never done this before, but here is a great link to learn how to stop scrappers [item #9]. Basically you are blocking the access of the scrappers from receiving your blog and rss […]
[…] bit tricky for anyone who has never done this before, but here is a great link to learn how to stop scrappers [item #9]. Basically you are blocking the access of the scrappers from receiving your blog and rss […]
Yeah. Tis true you’ve got to be careful! Just remember to always have a backup and check not just yourself but email a couple of readers to check.
[…] bit tricky for anyone who has never done this before, but here is a great link to learn how to stop scrappers [item #9]. Basically you are blocking the access of the scrappers from receiving your blog and rss […]
[…] 10 Ways to Use .htaccess to Speed Up WordPress – An “A to Z of WordPress .htaccess Hacks”, from (wpshout.com) […]
Amazing techniques to speed up blog… Thanks for sharing 🙂
[…] 10 Ways to Use .htaccess to Speed Up WordPress | WPShout.com […]
Am converting my main site to WordPress in the near future so looking to make it as quick and secure as possible, some great tips, bookmarked for later.
[…] – 10 Ways To Use .htaccess To Speed Up WordPress […]
[…] 10 Ways to Use .htaccess to Speed Up WordPress […]
[…] als letztes noch für unsere Blogger : 10 Wege seinen Blog zu beschleunigen, hauptsächlich durch geschickten Einsatz der .htaccess Datei. Den Tipp mit WP-Supercache haben wir […]
[…] 10 Ways To Use .htaccess To Speed Up WordPress (wpshout.com) […]
Afraid not, although it shouldn’t be too much effort to copy and paste!
Point 1: What is the difference between 1 Year cache and Forever Cache?
One caches forever and the other caches for a year.
Renaming the htaccess file is very dangerous ! All files prefixed with à dot can’t be accessed by browsers which means that if you rename your .htaccess file to ht.access file, the file will be readable to everyone ! I really don’t understand what you”re trying to do…
All other points are quite interesting though, thanks 🙂
Fair point. The idea is that the file can’t be automatically searched for as it won’t exist, hence your security will be better.
The stop hotlinking worked a treat. I just wish there was a way to send the hotlinker some perverted x rated photos instead of the ones he/she is stealing.
Glad you liked it!
Great collection of .htaccess techniques here. The security ones in particular are essential to have a secure WordPress site.
And that’s especially true in these days of blogging (see recent uproar). The .htaccess file it one of the best ways to secure your site, although that wasn’t really the aim of this post!