What is htaccess? Tricks to master it in WordPress


Knowing what the .htaccess file is, where it is located and, above all, what its function is within the ecosystem of a website will give you a much more complete notion of the complexity of your digital project. It will also give you access to a tool that makes a great many very important functions easier.

And this file, far from being a “simple” ordinary text file, lets you automate how your online project behaves against possible attacks, vulnerabilities or, simply, users you decide not to allow onto your website.

In fact, in the beginning this file was very useful to me, since it allowed me to edit and redirect all the URLs of this same blog to a somewhat friendlier version, something that I will tell you more about throughout this article. But first, let me clarify its definition and uses. Let's get started!


What is htaccess and what is this file for?

The name of the «.htaccess» file is short for “HyperText Access”. It is a text file that lets us modify the directives, configuration and behavior of our hosting service.

In a very simple way, using an FTP client and a text editor, or the file manager that our hosting provider offers, we can modify it and implement many strategies regarding:

  • Security
  • Optimization
  • Behavior of our Web server

We will look at precisely these factors much more carefully in today's article, so I encourage you to keep reading until the end.

    Where is the htaccess file in WordPress?

    The .htaccess file is usually found in the root folder of the website. For example, in WordPress it is in the “public_html” folder, that is, in the main installation folder. It is there mainly because all the functions or commands in it directly affect all the folders under the root of the installation.

    Now that you know what the .htaccess file is and where to find it, if you did not know of its existence you may be wondering how to edit it.

    This is a fairly common question. And let me tell you that, fortunately, the options to edit this file are not too visible to the WordPress user.

    I say «fortunately» because it is quite a sensitive file: if it is edited incorrectly, you may get a 500 error, or your website may stop working completely.

    Therefore, I only recommend you touch and edit it if you are a specialist on these issues. Otherwise, the best thing would be for you to look for someone who can help you to implement the functionality you want to perform.

    How to edit the .htaccess?

    Having said this, let's move on to reveal some of the different ways of editing this file:

    »In the cPanel of your hosting

    If the web hosting service you use offers «cPanel» to administer the files of your online project, you can easily find the .htaccess file there.

    You just have to go into its folders and look for the one named «public_html».

    The file is inside it, and you will recognize it by its classic text file icon.


    If you want to edit it, depending on your hosting company, you may be able to open it from the platform itself, edit it there and save the changes.

    They may also not allow direct editing, in which case you must download it to your computer, edit it and then upload it again to the «public_html» folder, overwriting the previous version of the file.

    »With WordPress plugins

    In addition to cPanel, you can also install various plugins where you can edit the .htaccess file in your WordPress.

    In this case, I propose two:

    1) SEO Yoast

    If you already have this plugin installed on your site, go directly to «SEO > Tools > File editor».

    This is the second option that you will see on screen, from where in addition to this file, you can edit what you need from the robots.txt file of your website.

     Htaccess Editor - Safely Edit Htaccess File

    And now that we know exactly what a website's .htaccess file is, where it is and how we can edit it, I would like you to know some of the best tricks you can apply to it. For this, on this occasion I have invited José Ramón Padrón, Country Manager of SiteGround.

    José Ramón, with the collaboration of great professionals in the Web sector, has prepared a compilation of very interesting techniques and tricks, which you can apply today in your own project.

    The best tricks to optimize the htaccess file of your WordPress


    This is a compilation of “best practices”, where I have the opinion and advice of several prominent professionals from the Online Marketing and Web development sector.

    And so that you can apply these tricks to your project, I will also include the corresponding code, so that you only have to copy and paste it into your own site.

    Finally, I will include a technique that has personally served me well, so I will also put “my grain of sand” in this collection of tricks.

    I'll leave you with them!

    1) The tricks of Fernando Tellado in the development of Webs in WordPress

    Fernando Tellado is the person in charge of Help WordPress, one of the most recognized Spanish sites in terms of resources and tutorials on the CMS “WordPress”.

    One of his favorite tricks, which he uses when he is developing websites for clients, is the following. I leave you with him!

    »Request a password to access the Web

    I usually do this for everyone except the developers, whose IPs are whitelisted and who can enter directly.

    It would be done like this:

    # Key for visitors
    AuthType Basic
    AuthName "This website is currently under development"
    AuthUserFile /home/path/.htpasswd
    AuthGroupFile /dev/null
    Require valid-user
    # Webmaster and developers access by IP (one address after each "Allow from")
    Order Deny,Allow
    Deny from all
    Allow from
    Allow from
    Satisfy Any

    »Block annoying or malicious bots

    Another very useful trick that I use a lot is the following. In this example I send them to a virtual black hole, for being a nuisance:

    # Block bots
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_USER_AGENT} ^Anarchie [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [OR]
    RewriteCond %{HTTP_USER_AGENT} ^attach [OR]
    RewriteCond %{HTTP_USER_AGENT} ^autoemailspider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Xenu [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Zeus
    # The redirect target is missing from this rule; it goes between the pattern and [R,L]
    RewriteRule ^.*$ [R,L]

    Regarding security issues, I like to implement the following trick:

    »Protect the server against denial of service attacks

    This prevents requests that exceed a given size. In this example, more than 10 Mb:

     # Protect against DDOS of 10 Mb or more
    LimitRequestBody 10240000 

    And I also usually prevent remote execution of all kinds of scripts like this:

     # Disable script execution
    AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
    Options -ExecCGI 

    Finally, although there are many possible tricks, I use this one a lot to protect access to sensitive files, or files that I just don't want anyone to be able to access:

    # FILE-NAME is a placeholder: put the name of the file to protect
    <Files "FILE-NAME">
    Order Allow,Deny
    Deny from all
    </Files>


    2) Mauricio Gelves: his tricks to optimize your htaccess

    Mauricio Gelves is a freelance WordPress consultant and developer, so listen to his advice!

    One of the simplest tricks to speed up page loading is simply to tell browsers to store certain types of files on the user's computer, so that they do not request them from the server again.

    These are usually asset files (images, JavaScript, videos, style sheets, etc.).

    The configuration indicates the “Filetype” and how long it must remain stored.

    The duration may contain the following values:

    • years
    • months
    • weeks
    • days
    • hours
    • minutes
    • seconds

    For example, «access plus 2 months» or, combining several of them, “access plus 1 month 15 days 2 hours”.

    For more information on this module you can visit Apache's official documentation.

    »Example of use:

    ExpiresActive on
    ExpiresDefault "access plus 2 months"
    # CSS
    ExpiresByType text/css "access plus 1 year"
    # Data interchange
    ExpiresByType application/json "access plus 0 seconds"
    ExpiresByType application/xml "access plus 0 seconds"
    ExpiresByType text/xml "access plus 0 seconds"
    # Favicon (cannot be renamed!)
    ExpiresByType image/x-icon "access plus 1 week"
    # HTML components (HTCs)
    ExpiresByType text/x-component "access plus 2 months"
    # HTML
    ExpiresByType text/html "access plus 0 seconds"
    # JavaScript
    ExpiresByType application/javascript "access plus 1 year"
    # Manifest files
    ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
    ExpiresByType text/cache-manifest "access plus 0 seconds"
    # Media
    ExpiresByType audio/ogg "access plus 2 months"
    ExpiresByType image/gif "access plus 2 months"
    ExpiresByType image/jpeg "access plus 2 months"
    ExpiresByType image/png "access plus 2 months"
    ExpiresByType video/mp4 "access plus 2 months"
    ExpiresByType video/ogg "access plus 2 months"
    ExpiresByType video/webm "access plus 2 months"
    # Web feeds
    ExpiresByType application/atom+xml "access plus 1 hour"
    ExpiresByType application/rss+xml "access plus 1 hour"
    # Web fonts
    ExpiresByType application/font-woff "access plus 2 months"
    ExpiresByType application/font-woff2 "access plus 2 months"
    ExpiresByType application/vnd.ms-fontobject "access plus 2 months"
    ExpiresByType application/x-font-ttf "access plus 2 months"
    ExpiresByType font/opentype "access plus 2 months"
    ExpiresByType image/svg+xml "access plus 2 months"

    Another tip that I would like to give, and that also helps to optimize the WPO of our pages, is to send all the content compressed using the Apache GZIP module.

    In this way, the HTTP packets will be smaller, travel faster over the Internet and the user's browser will be in charge of unzipping it when the rendering is finished.

    Again, in the official Apache documentation you can consult and expand on what I tell you here.

    »Example of use:

    AddOutputFilterByType DEFLATE "application/atom+xml" \
        "application/javascript" \
        "application/json" \
        "application/ld+json" \
        "application/manifest+json" \
        "application/rdf+xml" \
        "application/rss+xml" \
        "application/schema+json" \
        "application/vnd.geo+json" \
        "application/vnd.ms-fontobject" \
        "application/x-font-ttf" \
        "application/x-javascript" \
        "application/x-web-app-manifest+json" \
        "application/xhtml+xml" \
        "application/xml" \
        "font/eot" \
        "font/opentype" \
        "image/bmp" \
        "image/svg+xml" \
        "image/vnd.microsoft.icon" \
        "image/x-icon" \
        "text/cache-manifest" \
        "text/css" \
        "text/html" \
        "text/javascript" \
        "text/plain" \
        "text/vcard" \
        "text/vnd.rim.location.xloc" \
        "text/vtt" \
        "text/x-component" \
        "text/x-cross-domain-policy" \
        "text/xml"

    3) José Facchin: redirect the URLs of dated content and the “www”

    Bloggers who start their own blog with practically no technical SEO knowledge typically make one of these two errors during their first years:

    »Redirect URLs already published with a date to a new one «without date»

    Personally, it is a mistake that I myself made in my Blog, and I had to put this technique into practice. Similarly, many bloggers still have dates in their URLs, something that from a strategic point of view would not be the most correct.

    https://josefacchin.com/ / / / /

    To solve it, you must edit today's protagonist file and add the following in the «Rewrite» section:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    # The destination URL is missing from this rule; it goes between the pattern and [R=301,L]
    RewriteRule ^([0-9]{4})/([0-9]{1,2})/([0-9]{1,2})/([^/]+)/?$ [R=301,L]
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    Remember, after the section "RewriteBase /", you must add, according to your case, this:

    • With year, month and day: RewriteRule ^([0-9]{4})/([0-9]{1,2})/([0-9]{1,2})/([^/]+)/?$ [R=301,L]
    • With year and month: RewriteRule ^([0-9]{4})/([0-9]{1,2})/([^/]+)/?$ [R=301,L]
    • Only with the year: RewriteRule ^([0-9]{4})/([^/]+)/?$ [R=301,L]

    How to redirect your domain with «www» to without «www» (or vice versa) and «http» to «https»?

    Likewise, many professionals still have 2 versions of their website, because they have not redirected their own domain with «www» to the one without it.

    That is, when entering for example:

    https://www.josefacchin.com it may happen that this URL does not redirect to https://josefacchin.com or vice versa.

    That «non-redirection» that I am talking about makes your website completely duplicated, since we would be facing two identical sites with the same content. Therefore, I recommend that you decide which of the two ways you are going to show your domain and enforce it automatically, for example, through this file:

    »Redirect your domain to the version without WWW:

    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^www\.mydomain\.com [NC]
    RewriteRule ^(.*)$ https://mydomain.com/$1 [L,R=301]

    »Redirect your domain to the WWW version:

    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^mydomain\.com [NC]
    RewriteRule ^(.*)$ https://www.mydomain.com/$1 [L,R=301]

    »Redirect from http domain to domain with https:

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://www.ejemplo.com/$1 [R=301,L,QSA]

    With this small piece of code you will avoid the duplicate content which, as you can already learn in previous articles on José's Blog, is a factor that can seriously slow down the SEO positioning of your web project.
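
The redirects from this section combined in one place, as an added example that is not code from the original article. It assumes example.com as a stand-in for your canonical domain, permalinks that are now the bare post name (the `/$4/` target), and no TLS-terminating proxy in front of Apache, so that `%{HTTPS}` reflects the visitor's connection. Hard-coding the host keeps the redirect from echoing whatever Host header a client sends.

```apache
# Added example; place it above "# BEGIN WordPress", because WordPress
# regenerates the lines between its BEGIN/END markers.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

# 1) Dated permalink -> undated one, straight to the canonical https host.
#    $4 is the post slug (fourth capture group of the year/month/day rule).
#    Constructed sample: /2019/05/12/my-post/ -> https://example.com/my-post/
RewriteRule ^([0-9]{4})/([0-9]{1,2})/([0-9]{1,2})/([^/]+)/?$ https://example.com/$4/ [R=301,L]

# 2) Any other request that is not already https on the bare host gets
#    one 301 to the canonical URL (no http -> https -> non-www chain).
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} !^example\.com$ [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L,NE]
</IfModule>
```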

    4) The tricks of José Ramón Padrón

    Finally, I show you some tricks that I myself have carried out as a specialist in digital security.

    Being able to preserve security is precisely one of the most important aspects when starting a project, whether personal or for your company.

    Measures such as keeping your WordPress updated, as well as your plugins and templates, are essential, along with daily backups, an SSL certificate on your website, etc., but we can add something else through the .htaccess file.

    I propose two simple strategies:

    First, we can deny outside access to any .htaccess file that we have in our installation. Remember that you can place files of this type in many folders, each one with precise instructions.

    In this way we will block access to all of them, increasing the security of our WordPress installation. Add the following code to your .htaccess file located in the root directory:

    »Deny permission from the outside:

    # Block all .htaccess files
    <Files ".htaccess">
    order allow,deny
    deny from all
    satisfy all
    </Files>

    And second: there is another important file in every WordPress installation, wp-config.php. In this file you will find information such as site settings and access to the database, critical information in any installation.

    We can add the following lines to the .htaccess file located in the root directory of your WordPress installation to protect it:

    # Protecting the wp-config.php file
    <Files "wp-config.php">
    order allow,deny
    deny from all
    </Files>
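
The access rules from Fernando Tellado's and José Ramón's sections written for Apache 2.4, where `Order`, `Allow`, `Deny` and `Satisfy` only work through the legacy mod_access_compat module. This is an added example, not code from the original article: the two addresses are placeholders from documentation ranges, and the second file assumes the script block is meant for a folder that holds only uploaded media, such as WordPress's wp-content/uploads.

```apache
# ---- public_html/.htaccess ----

# Password for visitors; the listed addresses get in without one.
# 192.0.2.10 and 198.51.100.0/24 are placeholders for the developers' IPs.
AuthType Basic
AuthName "This website is currently under development"
AuthUserFile /home/path/.htpasswd
<RequireAny>
    Require ip 192.0.2.10
    Require ip 198.51.100.0/24
    Require valid-user
</RequireAny>

# Never serve .htaccess or .htpasswd, in this folder or any below it.
# This section overrides the RequireAny above, so developers are refused too.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# Never serve wp-config.php (site settings and database access).
<Files "wp-config.php">
    Require all denied
</Files>

# ---- public_html/wp-content/uploads/.htaccess ----

# Uploaded files are data, not code: refuse anything with a script
# extension. (\.|$) also catches names such as name.php.jpg, which
# mod_mime can still hand to the PHP handler when it is mapped with AddHandler.
<FilesMatch "(?i)\.(php|phtml|pl|py|jsp|asp|shtml|sh|cgi)(\.|$)">
    Require all denied
</FilesMatch>
```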

    Another basic recommendation that cannot be left out is the customization of error pages.

    If your visitors reach a URL that does not exist (the typical «HTTP 404 error»), they will see a page designed by you. Give free rein to your imagination.

    To enable these pages, simply add this code to the .htaccess file in the root directory and, on each line, replace "/errors/xxx.html" with the correct path to your custom error pages:

     # Custom error pages
    ErrorDocument 400 /errors/400.html
    ErrorDocument 401 /errors/401.html
    ErrorDocument 403 /errors/403.html
    ErrorDocument 404 /errors/404.html



    I hope this list of tricks has helped you set up your website in an original and different way, since, unless a webmaster has certain technical knowledge, these are not very common techniques, nor ones that everyone knows.

    There is no doubt that your .htaccess will make you avoid certain common and recurring errors by many people.

    Main image By Freepik.

    Did you know what .htaccess is and these tricks that we have shared with you today? performance and security for your Online project, you will tell me how about it!
