Best WordPress .htaccess Hacks

Filed under: WordPress

The .htaccess file allows you to easily improve your blog’s security, reduce bandwidth and increase usability.

In this post we’re going to look at some of the best .htaccess hacks.

WP-Admin

You can restrict access to wp-admin by IP. Put the following in wp-admin/.htaccess (in the root .htaccess it would lock out the whole site). Apache does not allow a comment on the same line as a directive, so the note about your IP has to sit on its own line. Be aware that wp-admin/admin-ajax.php is called by many themes and plugins from public pages, so logged-out visitors may lose functionality unless you exempt that file.

# Only the listed address may reach wp-admin; replace a.b.c.d with your static IP
order deny,allow
allow from a.b.c.d
deny from all

Blacklist

One of the most important things you can do with .htaccess is blacklist IP addresses. You can do so with the following code (203.0.113.7 is a placeholder; substitute the address you want to block). Note that a partial address such as 203.0.113 matches the whole 203.0.113.0/24 range, which is handy for blocking a netblock and painful if you do it by accident.

order allow,deny
allow from all
deny from 203.0.113.7
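Both of the access-control snippets above use the Apache 2.2 Order/Allow/Deny directives, which on Apache 2.4 only work if the mod_access_compat module is loaded. As an added example (not part of the original post), here is the same pair written for 2.4’s mod_authz_core: a wp-admin/.htaccess that lets one address in while still exposing admin-ajax.php, and a root .htaccess denylist. 203.0.113.5 and 198.51.100.0/24 are placeholders from the documentation address ranges; substitute your own.

```apache
# --- wp-admin/.htaccess (added example; 203.0.113.5 is a placeholder for your static IP) ---
# admin-ajax.php is requested by themes and plugins on public pages, so it stays open.
# With the default AuthMerging Off, the <Files> block replaces the directory-level
# rule for that one file; everything else under wp-admin needs the listed address.
<Files "admin-ajax.php">
    Require all granted
</Files>
Require ip 203.0.113.5

# --- root .htaccess denylist (added example; 198.51.100.0/24 is a placeholder range) ---
# "Require not ip" can only deny, never grant, so on its own nobody would get in.
# Inside <RequireAll> every line must pass: anyone is allowed, except that range.
<RequireAll>
    Require all granted
    Require not ip 198.51.100.0/24
</RequireAll>
```

The two fragments go in two different files, as the comments say; pasting both into the root .htaccess would apply the wp-admin allow-list to the whole site.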

WP-Config Protection

Your wp-config.php file contains your database name, your database username and your database password. In other words, you’ll want to keep it secure. Normally PHP executes the file and nothing of it reaches the browser, but if the PHP handler is ever misconfigured the raw source would be served, so deny direct requests to it outright. (On Apache 2.4 without mod_access_compat, replace the two order/deny lines with Require all denied.)

# protect wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>

Disable Directory Browsing

Apache rejects Options lines that mix the bare All keyword with +/- items, so the widely copied Options All -Indexes is a syntax error (and a 500 for the whole site when it sits in .htaccess). Just subtract Indexes:

# disable directory browsing
Options -Indexes

Feedburner

Feedburner is a blogger’s best friend. Trouble is, pointing your feed at it is a bit of a pain. The solution: an .htaccess hack, of course. Replace HackBookINFO (this blog’s feed name) with your own FeedBurner feed name. The two conditions let FeedBurner itself and the feed validator fetch the original feed instead of being redirected, which is what keeps the whole arrangement from looping.

# temp redirect wordpress content feeds to feedburner
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} !FeedBurner [NC]
RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC]
RewriteRule ^feed/?([_0-9a-z-]+)?/?$ http://feeds.feedburner.com/HackBookINFO [R=302,NC,L]
</IfModule>

Disable hotlinking

According to Wikipedia, hotlinking is also known as “leeching, piggy-backing, direct linking, offsite image grabs and bandwidth theft”. In other words, it is embedding an image hosted on another site. If people do it to you, it uses up your bandwidth. You can stop it with the .htaccess hack below. Keep in mind that the check relies on the Referer header: browsers and privacy extensions may strip it (the empty-referer case is deliberately let through so direct visitors still see images), and a determined scraper can fake it, so this stops casual embedding rather than theft. The extra condition on the replacement image is essential; without it the redirected request carries the same foreign referer, matches the rule again, and loops forever.

#disable hotlinking of images with forbidden or custom image option
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com/ [NC]
# never redirect the replacement image itself, or the rule loops
RewriteCond %{REQUEST_URI} !/stealingisbad\.gif$
#RewriteRule \.(gif|jpg)$ - [F]
RewriteRule \.(gif|jpg)$ http://www.yourdomain.com/stealingisbad.gif [R,L]

Keep RSS ‘content thieves’ away

It isn’t nice when people steal your content. One of the ways ‘content thieves’ scrape content from sites is simply by pulling your RSS feed. If you have the scraper’s IP address (your access log shows who fetches /feed/, and when) you can use your .htaccess file to block it. The code below sends every request from that address, feed included, off to another feed (i.e. their own). Replace the IP in the RewriteCond with the offending site’s and the URL in the RewriteRule with the offending site’s feed. The address is a regular expression: without the escaped dots and the trailing $, ^69.16.226.12 also matches 69.16.226.120 through 69.16.226.129.

RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^69\.16\.226\.12$
RewriteRule ^(.*)$ http://newfeedurl.com/feed [R=302,L]

Limiting number of simultaneous connections

MaxClients (MaxRequestWorkers on Apache 2.4) is often listed as an .htaccess hack, but it is an MPM directive that is only valid in the main server configuration: it caps the worker processes for the whole server, cannot be scoped to a directory, and putting it in an .htaccess file produces a 500 Internal Server Error (“MaxClients not allowed here”) for every request in that directory. If you want per-client or per-directory limits you need a module built for that (mod_evasive or mod_qos, for example), and those are configured in httpd.conf as well, not in .htaccess.

# httpd.conf only; this line is not an .htaccess directive
MaxClients <number-of-connections>

Maintenance

Whatever the reason, at some point you will probably want a maintenance page. Replace “/maintenance.html” with the URL of your maintenance page and put your own IP address in the REMOTE_ADDR condition so that you can still see the real site. Both values are regular expressions, so the dots are escaped and the address is anchored.

RewriteEngine on
RewriteCond %{REQUEST_URI} !/maintenance\.html$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
RewriteRule $ /maintenance.html [R=302,L]
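A 302 to the maintenance page tells search engines the URL has temporarily moved and tells uptime monitors the site is fine. The added example below (not from the original post) keeps the same bypass-by-IP idea but answers 503 Service Unavailable with the maintenance page as the error document, which is what crawlers and monitoring expect during an outage; it also lets the maintenance page’s own static files through so the page renders. 203.0.113.5, /maintenance.html and the /maintenance/ asset directory are placeholders.

```apache
# Maintenance mode via 503 (added example; 203.0.113.5, /maintenance.html and
# /maintenance/ are placeholders for your address, page and asset directory)

# Serve the maintenance page as the body of every 503 response.
ErrorDocument 503 /maintenance.html

<IfModule mod_rewrite.c>
RewriteEngine on
# Your own address still sees the real site.
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.5$
# The ErrorDocument is fetched by an internal redirect that runs these rules again,
# so the page and the static files it references must be excluded or they 503 too.
RewriteCond %{REQUEST_URI} !^/maintenance\.html$
RewriteCond %{REQUEST_URI} !^/maintenance/.*\.(css|js|png|jpg|gif|svg)$ [NC]
# A status outside 3xx in the R flag drops the substitution: the request is
# answered with that status and the ErrorDocument above becomes the body.
RewriteRule ^ - [R=503,L]
</IfModule>
```

Test it from a second address before relying on it; from your own IP everything looks normal, which is the point, but it also means you will not notice a typo that takes the site down for everyone else.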

Deny no referer requests [stop spam comments!]

This hack uses the fact that most spam bots post comments from ‘nowhere’: they send no Referer header (or one that doesn’t point at your blog) and often no User-Agent at all. It checks where a POST to wp-comments-post.php is coming from, and if it comes from ‘nowhere’ it bounces the bot back to its own address. Replace yourblog.com with your domain. Both headers are chosen by the client, so a bot that bothers to fake them walks straight through; treat this as a cheap filter in front of a real anti-spam plugin, not a replacement for one. If you would rather simply refuse the request, change the last line to RewriteRule .* - [F,L] to answer 403.

RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} wp-comments-post\.php
RewriteCond %{HTTP_REFERER} !yourblog\.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* http://%{REMOTE_ADDR}/ [R=301,L]

Force files opening to ‘save as’

If you’re offering files for download then the hack below will be very useful: it forces the files to be saved instead of opened or streamed, by serving them with the generic application/octet-stream type. The side effect is that browsers can no longer tell a PDF from a video, so don’t apply it to files you also want viewable in the browser.

AddType application/octet-stream .avi .mpg .mov .pdf .xls .mp4
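AddType works by misreporting the file type: once a PDF goes out as application/octet-stream, the browser no longer knows what it is. The added example below (not from the original post) keeps the real Content-Type and instead uses mod_headers to ask the browser to download, which is what the Content-Disposition header exists for. It assumes mod_headers is loaded; put it in the .htaccess of the directory holding the downloads, or in the root to apply it everywhere.

```apache
# Force "save as" without changing the MIME type (added example; needs mod_headers)
<IfModule mod_headers.c>
    <FilesMatch "\.(avi|mpg|mov|pdf|xls|mp4)$">
        # "attachment" tells the browser to save rather than render, while
        # Content-Type still says application/pdf, video/mp4 and so on, so
        # the saved file keeps its correct type association.
        Header set Content-Disposition "attachment"
    </FilesMatch>
</IfModule>
```

Because the file type is untouched, the same files can still be opened inline from a different directory that lacks the rule.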

Protect your .htaccess file.

After you’ve spent all that time protecting your blog with .htaccess, the last thing you want is to leave the .htaccess file itself readable! The hack below refuses external requests for any file whose name contains .hta (in any mix of case), which covers .htaccess and .htpasswd. Place it in your domain’s root .htaccess file. Apache’s stock configuration already ships an equivalent <Files ".ht*"> rule, but repeating it costs nothing and covers hosts that have removed it; on Apache 2.4 without mod_access_compat, use Require all denied in place of the order/deny lines.

# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

Redirect from http://www.whatever to http://whatever

Using a 301 (permanent) redirect, you can send every visitor of http://www.yoursite to http://yoursite. Options +FollowSymLinks (or SymLinksIfOwnerMatch) is required because mod_rewrite refuses to run in an .htaccess file without it. If the site is served over HTTPS, write https:// in the target, otherwise the redirect silently downgrades the connection.

# permanently redirect from www domain to non-www domain
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.domain\.tld$ [NC]
RewriteRule ^(.*)$ http://domain.tld/$1 [R=301,L]

Remember the golden rule: Always have a backup!

And if you have something new, leave a comment and I’ll add it to the list.


One Comment so far...

I’m going to tell my little brother that he should also pay a quick visit to this weblog on a regular basis to obtain updates on the latest gossip.

January 14, 2013 at 3:08 pm