.htaccess
Jump to navigation
Jump to search
- Access control (allow and deny commands) has been changed in Apache 2.4. See Upgrading to 2.4 from 2.2 as well as Access Control.
Deny access to wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>
Apache 2.4+
<files wp-config.php>
Require all denied
</files>
Set timezone
## set the server timezone
SetEnv TZ America/New_York
Block include-only files
# Block the include-only files.
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
Limit indexing of folders
# limit indexing of directories
Options All -Indexes
Protect .htaccess file
# protect the htaccess file,
# this is done by default with apache config file,
# but you never know.
<files .htaccess>
order allow,deny
deny from all
</files>
Apache 2.4+
# protect the htaccess file,
# this is done by default with apache config file,
# but you never know.
<files .htaccess>
Require all denied
</files>
Disable server signature
# disable the server signature
ServerSignature Off
Limit file uploads
# limit file uploads to 20mb
LimitRequestBody 20480000
WordPress rewrite
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Expires caching
## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive on
# Perhaps better to whitelist expires rules? Perhaps.
ExpiresDefault "access plus 1 month"
# cache.appcache needs re-requests
# in FF 3.6 (thx Remy ~Introducing HTML5)
ExpiresByType text/cache-manifest "access plus 0 seconds"
# Your document html
ExpiresByType text/html "access plus 0 seconds"
# Data
ExpiresByType text/xml "access plus 0 seconds"
ExpiresByType application/xml "access plus 0 seconds"
ExpiresByType application/json "access plus 0 seconds"
# RSS feed
ExpiresByType application/rss+xml "access plus 1 hour"
# Favicon (cannot be renamed)
ExpiresByType image/x-icon "access plus 1 week"
# Media: images, video, audio
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType video/ogg "access plus 1 month"
ExpiresByType audio/ogg "access plus 1 month"
ExpiresByType video/mp4 "access plus 1 month"
ExpiresByType video/webm "access plus 1 month"
# HTC files (css3pie)
ExpiresByType text/x-component "access plus 1 month"
# Webfonts
ExpiresByType font/truetype "access plus 1 month"
ExpiresByType font/opentype "access plus 1 month"
ExpiresByType application/x-font-woff "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
# CSS and JavaScript
ExpiresByType text/css "access plus 1 year"
ExpiresByType application/javascript "access plus 1 year"
ExpiresByType text/javascript "access plus 1 year"
<IfModule mod_headers.c>
Header append Cache-Control "public"
</IfModule>
</IfModule>
Disable caching for a directory
Place this in the directory with content you don't want cached:
<IfModule mod_expires.c>
# disable caching forthis directory mod_expires for this directory
ExpiresActive off
</IfModule>
Enable Keep-Alive
<IfModule mod_headers.c>
Header set Connection keep-alive
</IfModule>