Example of wordpress .htaccess file for several optimizations and other things
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#DO NOT COPY\PASTE. Take only what you need carefully. | |
#The following code is just a few **examples** of optimizations that you can do in .htaccess file. | |
# HTTPS forced | |
<IfModule mod_rewrite.c> | |
#RewriteCond %{HTTP_HOST} !^www\. [NC] | |
#RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] | |
RewriteCond %{HTTP:X-Forwarded-Proto} !https | |
RewriteCond %{HTTPS} off | |
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] | |
</IfModule> | |
# END HTTPS | |
#Remove Facebook fbclid | |
<IfModule mod_rewrite.c> | |
RewriteCond %{QUERY_STRING} ^(.*)(?:^|&)fbclid=(?:[^&]*)((?:&|$).*)$ [NC] | |
RewriteCond %1%2 (^|&)([^&].*|$) | |
RewriteRule ^(.*) /$1?%2 [R=301,L] | |
</IfModule> | |
#END | |
#RewriteCond %{QUERY_STRING} ^(.*)&?fbclid=[^&]+&?(.*)$ [NC] | |
#RewriteRule ^(.*)$ /$1?%1%2 [R=302,L] | |
# Disable xmlrpc access | |
<Files xmlrpc.php> | |
<IfModule mod_authz_core.c> | |
Require all denied | |
</IfModule> | |
<IfModule !mod_authz_core.c> | |
Order allow,deny | |
Deny from all | |
</IfModule> | |
</Files> | |
#disable hotlinking of images and other files with forbidden or custom image option | |
RewriteEngine on | |
RewriteCond %{HTTP_REFERER} !^$ | |
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?youdomian.com [NC] | |
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC] | |
RewriteRule \.(webp|jpg|jpeg|png|gif|bmp|zip|rar|mp3|flv|swf|xml|css|pdf|ogg|mp4)$ – [NC,F,L] | |
# Use UTF-8 encoding for anything served text/plain or text/html | |
AddDefaultCharset UTF-8 | |
# Force UTF-8 for a number of file formats | |
<IfModule mod_mime.c> | |
AddCharset UTF-8 .atom .css .js .json .rss .vtt .xml | |
</IfModule> | |
# Disable ETags | |
<IfModule mod_headers.c> | |
Header unset ETag | |
</IfModule> | |
FileETag None | |
# ------------------------------------------------------------------------------ | |
# | Compression | | |
# ------------------------------------------------------------------------------ | |
<IfModule mod_deflate.c> | |
# Force compression for mangled headers. | |
# http://developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping | |
<IfModule mod_setenvif.c> | |
<IfModule mod_headers.c> | |
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding | |
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding | |
</IfModule> | |
</IfModule> | |
# Compress all output labeled with one of the following MIME-types | |
# (for Apache versions below 2.3.7, you don't need to enable `mod_filter` | |
# and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines | |
# as `AddOutputFilterByType` is still in the core directives). | |
<IfModule mod_filter.c> | |
AddOutputFilterByType DEFLATE "application/atom+xml" \ | |
"application/javascript" \ | |
"application/json" \ | |
"application/ld+json" \ | |
"application/manifest+json" \ | |
"application/rdf+xml" \ | |
"application/rss+xml" \ | |
"application/schema+json" \ | |
"application/vnd.geo+json" \ | |
"application/vnd.ms-fontobject" \ | |
"application/x-font-ttf" \ | |
"application/x-javascript" \ | |
"application/x-web-app-manifest+json" \ | |
"application/xhtml+xml" \ | |
"application/xml" \ | |
"font/eot" \ | |
"font/opentype" \ | |
"image/bmp" \ | |
"image/svg+xml" \ | |
"image/vnd.microsoft.icon" \ | |
"image/x-icon" \ | |
"text/cache-manifest" \ | |
"text/css" \ | |
"text/html" \ | |
"text/javascript" \ | |
"text/plain" \ | |
"text/vcard" \ | |
"text/vnd.rim.location.xloc" \ | |
"text/vtt" \ | |
"text/x-component" \ | |
"text/x-cross-domain-policy" \ | |
"text/xml" | |
</IfModule> | |
</IfModule> | |
# ------------------------------------------------------------------------------ | |
# | Expires headers (for better cache control) | | |
# ------------------------------------------------------------------------------ | |
<IfModule mod_expires.c> | |
ExpiresActive on | |
ExpiresDefault "access plus 1 month" | |
# CSS | |
ExpiresByType text/css "access plus 1 year" | |
# Data interchange | |
ExpiresByType application/json "access plus 0 seconds" | |
ExpiresByType application/xml "access plus 0 seconds" | |
ExpiresByType text/xml "access plus 0 seconds" | |
# Favicon (cannot be renamed!) | |
ExpiresByType image/x-icon "access plus 1 week" | |
# HTML components (HTCs) | |
ExpiresByType text/x-component "access plus 1 month" | |
# HTML | |
ExpiresByType text/html "access plus 0 seconds" | |
# JavaScript | |
ExpiresByType application/javascript "access plus 1 year" | |
# Manifest files | |
ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds" | |
ExpiresByType text/cache-manifest "access plus 0 seconds" | |
# Media | |
ExpiresByType audio/ogg "access plus 1 month" | |
ExpiresByType image/gif "access plus 1 month" | |
ExpiresByType image/jpeg "access plus 1 month" | |
ExpiresByType image/png "access plus 1 month" | |
ExpiresByType image/webp "access plus 1 month" | |
ExpiresByType video/mp4 "access plus 1 month" | |
ExpiresByType video/ogg "access plus 1 month" | |
ExpiresByType video/webm "access plus 1 month" | |
# Web feeds | |
ExpiresByType application/atom+xml "access plus 1 hour" | |
ExpiresByType application/rss+xml "access plus 1 hour" | |
# Web fonts | |
ExpiresByType application/font-woff "access plus 1 month" | |
ExpiresByType application/font-woff2 "access plus 1 month" | |
ExpiresByType application/vnd.ms-fontobject "access plus 1 month" | |
ExpiresByType application/x-font-ttf "access plus 1 month" | |
ExpiresByType font/opentype "access plus 1 month" | |
ExpiresByType image/svg+xml "access plus 1 month" | |
</IfModule> | |
<IfModule mod_headers.c> | |
<filesMatch "\.(html|htm)$"> | |
Header set Cache-Control "s-maxage=2592000, max-age=0, public, must-revalidate" | |
</filesMatch> | |
</IfModule> | |
# ---------------------------------------------------------------------- | |
# CORS-enabled images (@crossorigin) | |
# ---------------------------------------------------------------------- | |
# Send CORS headers if browsers request them; enabled by default for images. | |
# developer.mozilla.org/en/CORS_Enabled_Image | |
# blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html | |
# hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/ | |
# wiki.mozilla.org/Security/Reviews/crossoriginAttribute | |
<IfModule mod_setenvif.c> | |
<IfModule mod_headers.c> | |
# mod_headers, y u no match by Content-Type?! | |
<FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$"> | |
SetEnvIf Origin ":" IS_CORS | |
Header set Access-Control-Allow-Origin "*" env=IS_CORS | |
</FilesMatch> | |
</IfModule> | |
</IfModule> | |
# ---------------------------------------------------------------------- | |
# Webfont access | |
# ---------------------------------------------------------------------- | |
# Allow access from all domains for webfonts. | |
# Alternatively you could only whitelist your | |
# subdomains like "subdomain.example.com". | |
<IfModule mod_headers.c> | |
<FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$"> | |
Header set Access-Control-Allow-Origin "*" | |
</FilesMatch> | |
</IfModule> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment