;;;
Be sure you have created an HTML document to be displayed during site maintenance and that you have labeled it that. That is the page this code will send visitors to while you are performing routine site updates and creating backups. As this is a temporary redirect we are serving a 302 header response.

3. Create 301 Redirects Using Htaccess files

Sometimes you want to redirect your site visitors to a different page. This is useful when you have deleted pages from your site that users may still find through links or search engines. It is also helpful when you have moved the content from one page to a new page with a different address. Using the following code will show the new page instead of an error page when someone clicks on the link that is no longer working.

#301 Redirects
Redirect 301 /abc/file.html http://www.yourblogname.com/def/file.html

 ;;;

 ;;;
4. Speed Up Your Site by Disabling Revisions Autosave.

WordPress saves revisions of your pages and posts in real-time as you are creating them. While this is an incredibly useful feature, it can also slow down your site’s speed. Sometimes, people are willing to sacrifice the convenience of having pages automatically saved in order to have a faster website. To completely disable the WordPress autosave feature, add the following code in your wp.config.php file

define('WP_POST_REVISIONS', false );

If you would like to get the autosave feature back at a later time, simply delete that line of code.

5. Block all IP addresses except your own from accessing admin files

If you want to make sure that no IP address except your own is allowed to access the wp_admin directory of your site, there’s a code that allows you to block all other IP addresses from accessing the directory. The wp_admin directory is where all the files related to the WordPress dashboard are located. This includes all administrative functions such as writing posts, moderating your comments, installing themes, and using plug-ins.

Because WordPress allows full access to administrators, blocking others from accessing your admin files can keep hackers from accessing your site. To block all addresses except your own, the code to use is:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic

order deny,allow
deny from all
allow from xx.xx.xx.xx

6. Ban a Single Spammer from Accessing your Site

We have already gone over a code that allows you to block multiple IP addresses from your site. Sometimes, though, there is only one spammer who is causing problems. In that case, it makes sense to use a simpler code that just bans that particular IP address. To do so, simply add their IP address to the following code.

## USER IP BANNING
order allow,deny
deny from xxx.xx.xxx.xxx
allow from all

Using this code allows access to everyone except those who are trying to access your site from the IP that has been causing trouble.

7. Render your PHP configurations files inaccessible.

The wp-config.php file contains crucial information like the name of your database. If you would like to deny access to this file, there is an easy way to do it. This file contains sensitive information like your user id, password, and database name in an unencrypted format. Completely blocking all access to the file adds a layer of security, protecting the site from prying eyes. Because PHP files are hidden, this information is not using the browser, but if someone were to hack a website, this is one of the first files they would be likely to try to access because of the information it contains.

# protect wpconfig.php

order allow,deny
deny from all

Using this code helps tremendously with site security.

8. Only allow files smaller than 10 MB to be uploaded.

Large files can significantly slow down a website. A simple way to ensure smaller file sizes is to use a code that limits the file size that can be uploaded. This can keep a site from being bogged down by trying to open too many large files at once and allow the site to keep running at optimal speed. The following code can be used to achieve this purpose:

#limit file uploads to 10mb
LimitRequestBody 10240000

If you would prefer to set the limit higher, you can also set the maximum upload size to 20 MB or any other file size that you choose. When larger files are being uploaded, the request will be denied.

9. add password protection to your directories.

Adding password protection to your blog’s directories is easy to do using your htaccess file. There are many reasons why a webmaster would want to do this. When a blog does get hacked, all the blog posts are often deleted, and all sites that are connected within the directory are accessed, too.

This can cause a headache for a blog owner who has kept adequate backups. It can be completely disastrous for one who has not. Adding password protection to the files that provide access to the directories of your blog adds an additional layer of security and prevents unauthorized users from accessing other sites connected to your blog.

To do this, simply add the following code to your htaccess file:

AuthType Basic
AuthName "restricted area"
AuthUserFile /usr/local/var/www/html/.htpasses
require valid-user

10. Allow spelling errors in the URL to be automatically corrected.

By adding a Check Spelling directive to your htaccess file, users who misspell something in your URL will still be able to access the file. This code is not sufficient to correct gross misspellings. However, when a typo or being one letter off is the problem, spellcheck can correct small mistakes and find the correct document. To add this feature to your site, simply use the following code:

CheckSpelling On

11. Secure your WordPress Plugin Files

Plug-ins are incredibly useful, but they can also leave your website vulnerable to attackers. Sometimes plugin files allow direct access to unauthorized users which is a serious security problem. Because plugins provide so many awesome functions to WordPress sites, it doesn’t make sense to stop using plugins altogether because some of them leave loopholes that make outside access possible. Simply use the following four lines of code to prevent anyone but you from having direct access to your plugin files.


order allow,deny
allow from all


11. Add a trailing slash to the end of your URL.

URLs with a trailing slash generally indicate a directory. URLs that don’t have a trailing slash are usually files. While it is possible to have two different pages with different content have identical URLs aside from the slash at the end, this can be confusing to users and search engines.

If you would like to add a trailing slash to the end of a URL by using your htaccess file, the following code will automatically do that for you:

#trailing slash enforcement
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !#
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ http://domain.com/$1/ [L,R=301]

 ;;
12. Redirect users to a customized 404 error page.

If you want your visitors to be redirected each time they reach a page with a 404 error, the following code will take them to a customized error page. A 404 error occurs when the page being requested is not found. This is usually because the page has either been moved or it has been deleted. Using a custom 404 error page is a good idea to keep your site streamlined and professional-looking. You can use the following code to redirect users to your custom page when they do reach a page that no longer exists at the address they have typed.

# custom error pages
ErrorDocument 401 /err/401.php
ErrorDocument 403 /err/403.php
ErrorDocument 404 /err/404.php
ErrorDocument 500 /err/500.php

13. Keep spammers from making posts on your blog.

The denies all requests that do not come for your domain. To understand how this works, imagine a typical blog reader reading a post and deciding to leave a comment. The comment dialogue box will be referred to by the page with the post on it. A spammer is not your typical reader, and they are not reading your blogs.

They are making what is called “no-referrer requests” meaning the comment dialogue box was the first request made. The following code can deny all these types of requests by cutting out the spambot activity on your website:

RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post.php*
RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

You can use the last line of this code to send spammers elsewhere. Be sure not to send them to other sites you own or even to sites you like. :)

14. Add and customize permalinks to create better URLs.

One of the most popular htaccess tricks is to add some code that allows webmasters to create and customize their blog’s permalink settings. This makes for cleaner URLs that include your keywords instead of strings of symbols and random numbers. To do this for a WordPress site is as simple as adding the following code to your site htaccess file:

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

 ;;
15. Use htaccess file for force caching.

While force caching will not speed up an initial page load, if a page has been loaded once on a particular browser, force caching can send 304 statuses and speed up page loading if nothing on the page has changed.

FileETag MTime Size
ExpiresActive on
ExpiresDefault "access plus x seconds"

 ;;
16. Create an htaccess file if you do not have one.

If your site does not already have an htaccess file, it is easy to create your own and then upload it to your site. To do this, you simply create a text file, leave it blank, save it as .htaccess, and then upload it to the root of your WordPress installation file. It is important to include the period at the beginning of the file name, so be sure not to omit it.

You can use my free .htaccess generator to help you get started.

A Word of Caution

htaccess codes have to be implemented with total accuracy or your site may go down completely. It is important that you create a backup of the htaccess file before making any changes. Store this backup externally, either using the cloud or using a flash drive to ensure that you will have access to the saved copy if you need it.

After each change, you make to your htaccess file, refresh your page to ensure that your website is still online. Because a single error will make your site go down, it is important to know exactly when any problems occurred. This will help narrow down the line of code that needs to be corrected.

htaccess allows for lots of functionality by adding lines of simple code. Bookmark this list of tricks and tips so that you will have access to these codes next time you log into your WordPress site. Being able to make changes and customize your blog is one of the perks of using WordPress.

Using simple codes, you can speed up your site, deter hackers, improve your security, keep spammers away, and easily add redirects. Taking advantage of your htaccess file can supercharge your ability to customize your site.