bagerathan/compress-files.htaccess

## compress-files.htaccess
<IfModule mod_deflate.c>

    # Compress all output labeled with one of the following MIME-types
    # (for Apache versions below 2.3.7, you don't need to enable `mod_filter`
    #  and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines
    #  as `AddOutputFilterByType` is still in the core directives).
    <IfModule mod_filter.c>
        AddOutputFilterByType DEFLATE application/atom+xml \
                                      application/javascript \
                                      application/json \
                                      application/rss+xml \
                                      application/vnd.ms-fontobject \
                                      application/x-font-ttf \
                                      application/x-web-app-manifest+json \
                                      application/xhtml+xml \
                                      application/xml \
                                      font/opentype \
                                      image/svg+xml \
                                      image/x-icon \
                                      text/css \
                                      text/html \
                                      text/plain \
                                      text/x-component \
                                      text/xml
    </IfModule>

</IfModule>

## default-wordpress.php
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

## expire.htaccess
<IfModule mod_expires.c>

    ExpiresActive on
    ExpiresDefault                                      "access plus 1 month"

  # CSS
    ExpiresByType text/css                              "access plus 1 year"

  # Data interchange
    ExpiresByType application/json                      "access plus 0 seconds"
    ExpiresByType application/xml                       "access plus 0 seconds"
    ExpiresByType text/xml                              "access plus 0 seconds"

  # Favicon (cannot be renamed!) and cursor images
    ExpiresByType image/x-icon                          "access plus 1 week"

  # HTML components (HTCs)
    ExpiresByType text/x-component                      "access plus 1 month"

  # HTML
    ExpiresByType text/html                             "access plus 0 seconds"

  # JavaScript
    ExpiresByType application/javascript                "access plus 1 year"

  # Manifest files
    ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
    ExpiresByType text/cache-manifest                   "access plus 0 seconds"

  # Media
    ExpiresByType audio/ogg                             "access plus 1 month"
    ExpiresByType image/gif                             "access plus 1 month"
    ExpiresByType image/jpeg                            "access plus 1 month"
    ExpiresByType image/png                             "access plus 1 month"
    ExpiresByType video/mp4                             "access plus 1 month"
    ExpiresByType video/ogg                             "access plus 1 month"
    ExpiresByType video/webm                            "access plus 1 month"

  # Web feeds
    ExpiresByType application/atom+xml                  "access plus 1 hour"
    ExpiresByType application/rss+xml                   "access plus 1 hour"

  # Web fonts
    ExpiresByType application/font-woff                 "access plus 1 month"
    ExpiresByType application/vnd.ms-fontobject         "access plus 1 month"
    ExpiresByType application/x-font-ttf                "access plus 1 month"
    ExpiresByType font/opentype                         "access plus 1 month"
    ExpiresByType image/svg+xml                         "access plus 1 month"

</IfModule>

## snippets.php
//block hidden files and folders
<IfModule mod_rewrite.c>
    RewriteCond %{SCRIPT_FILENAME} -d [OR]
    RewriteCond %{SCRIPT_FILENAME} -f
    RewriteRule "(^|/)\." - [F]
</IfModule>

//allow crossdomain fonts
<IfModule mod_headers.c>
    <FilesMatch "\.(eot|otf|ttc|ttf|woff)$">
        Header set Access-Control-Allow-Origin "*"
    </FilesMatch>
</IfModule>

//allow cross domain images
<IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
        <FilesMatch "\.(cur|gif|ico|jpe?g|png|svgz?|webp)$">
            SetEnvIf Origin ":" IS_CORS
            Header set Access-Control-Allow-Origin "*" env=IS_CORS
        </FilesMatch>
    </IfModule>
</IfModule>


//restrict access to a single IP
order deny,allow
# Replace the below 192.168.5.1 with your IP address
deny from all
allow from 192.168.5.1

//protect vulnarable files
<FilesMatch "^.*(error_log|wp-config\.php|php.ini|\.[hH][tT][aApP].*)$">
Order deny,allow
Deny from all
</FilesMatch>

//disable access to wp-include
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

//setup 301 redirect
Redirect 301 /oldurl1/ https://www.yoursite.com/newurl1/
Redirect 301 /oldurl2/ https://www.yoursite.com/newurl2/

//restrict direct access to PHP file
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/directory/to/exclude/
RewriteRule wp-content/plugins/(.*\.php)$ - [R=404,L]
RewriteCond %{REQUEST_URI} !^/wp-content/themes/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/themes/directory/to/exclude/
RewriteRule wp-content/themes/(.*\.php)$ - [R=404,L]

//add custom error message
ErrorDocument 404 /error404.html
ErrorDocument 403 /error403.html
ErrorDocument 500 /error500.html
ErrorDocument 501 /error501.html

//protect wp-admin file
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
<LIMIT GET>
Order deny,allow
Deny from all
Allow from xxx.xxx.xx.xx
Allow from yyy.yyy.yy.yy
</LIMIT>
	<IfModule mod_deflate.c>

	# Compress all output labeled with one of the following MIME-types
	# (for Apache versions below 2.3.7, you don't need to enable `mod_filter`
	# and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines
	# as `AddOutputFilterByType` is still in the core directives).
	<IfModule mod_filter.c>
	AddOutputFilterByType DEFLATE application/atom+xml \
	application/javascript \
	application/json \
	application/rss+xml \
	application/vnd.ms-fontobject \
	application/x-font-ttf \
	application/x-web-app-manifest+json \
	application/xhtml+xml \
	application/xml \
	font/opentype \
	image/svg+xml \
	image/x-icon \
	text/css \
	text/html \
	text/plain \
	text/x-component \
	text/xml
	</IfModule>

	</IfModule>
	# BEGIN WordPress
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteRule ^index\.php$ - [L]
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteRule . /index.php [L]
	</IfModule>
	# END WordPress
	<IfModule mod_expires.c>

	ExpiresActive on
	ExpiresDefault "access plus 1 month"

	# CSS
	ExpiresByType text/css "access plus 1 year"

	# Data interchange
	ExpiresByType application/json "access plus 0 seconds"
	ExpiresByType application/xml "access plus 0 seconds"
	ExpiresByType text/xml "access plus 0 seconds"

	# Favicon (cannot be renamed!) and cursor images
	ExpiresByType image/x-icon "access plus 1 week"

	# HTML components (HTCs)
	ExpiresByType text/x-component "access plus 1 month"

	# HTML
	ExpiresByType text/html "access plus 0 seconds"

	# JavaScript
	ExpiresByType application/javascript "access plus 1 year"

	# Manifest files
	ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
	ExpiresByType text/cache-manifest "access plus 0 seconds"

	# Media
	ExpiresByType audio/ogg "access plus 1 month"
	ExpiresByType image/gif "access plus 1 month"
	ExpiresByType image/jpeg "access plus 1 month"
	ExpiresByType image/png "access plus 1 month"
	ExpiresByType video/mp4 "access plus 1 month"
	ExpiresByType video/ogg "access plus 1 month"
	ExpiresByType video/webm "access plus 1 month"

	# Web feeds
	ExpiresByType application/atom+xml "access plus 1 hour"
	ExpiresByType application/rss+xml "access plus 1 hour"

	# Web fonts
	ExpiresByType application/font-woff "access plus 1 month"
	ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
	ExpiresByType application/x-font-ttf "access plus 1 month"
	ExpiresByType font/opentype "access plus 1 month"
	ExpiresByType image/svg+xml "access plus 1 month"

	</IfModule>
	//block hidden files and folders
	<IfModule mod_rewrite.c>
	RewriteCond %{SCRIPT_FILENAME} -d [OR]
	RewriteCond %{SCRIPT_FILENAME} -f
	RewriteRule "(^\|/)\." - [F]
	</IfModule>

	//allow crossdomain fonts
	<IfModule mod_headers.c>
	<FilesMatch "\.(eot\|otf\|ttc\|ttf\|woff)$">
	Header set Access-Control-Allow-Origin "*"
	</FilesMatch>
	</IfModule>

	//allow cross domain images
	<IfModule mod_setenvif.c>
	<IfModule mod_headers.c>
	<FilesMatch "\.(cur\|gif\|ico\|jpe?g\|png\|svgz?\|webp)$">
	SetEnvIf Origin ":" IS_CORS
	Header set Access-Control-Allow-Origin "*" env=IS_CORS
	</FilesMatch>
	</IfModule>
	</IfModule>


	//restrict access to a single IP
	order deny,allow
	# Replace the below 192.168.5.1 with your IP address
	deny from all
	allow from 192.168.5.1

	//protect vulnarable files
	<FilesMatch "^.(error_log\|wp-config\.php\|php.ini\|\.[hH][tT][aApP].)$">
	Order deny,allow
	Deny from all
	</FilesMatch>

	//disable access to wp-include
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteRule ^wp-admin/includes/ - [F,L]
	RewriteRule !^wp-includes/ - [S=3]
	RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
	RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
	RewriteRule ^wp-includes/theme-compat/ - [F,L]
	</IfModule>

	//setup 301 redirect
	Redirect 301 /oldurl1/ https://www.yoursite.com/newurl1/
	Redirect 301 /oldurl2/ https://www.yoursite.com/newurl2/

	//restrict direct access to PHP file
	RewriteCond %{REQUEST_URI} !^/wp-content/plugins/file/to/exclude\.php
	RewriteCond %{REQUEST_URI} !^/wp-content/plugins/directory/to/exclude/
	RewriteRule wp-content/plugins/(.*\.php)$ - [R=404,L]
	RewriteCond %{REQUEST_URI} !^/wp-content/themes/file/to/exclude\.php
	RewriteCond %{REQUEST_URI} !^/wp-content/themes/directory/to/exclude/
	RewriteRule wp-content/themes/(.*\.php)$ - [R=404,L]

	//add custom error message
	ErrorDocument 404 /error404.html
	ErrorDocument 403 /error403.html
	ErrorDocument 500 /error500.html
	ErrorDocument 501 /error501.html

	//protect wp-admin file
	AuthUserFile /dev/null
	AuthGroupFile /dev/null
	AuthName "WordPress Admin Access Control"
	AuthType Basic
	<LIMIT GET>
	Order deny,allow
	Deny from all
	Allow from xxx.xxx.xx.xx
	Allow from yyy.yyy.yy.yy
	</LIMIT>