The .htaccess (Hypertext Access) is a very powerful file. It allows you to make changes in Apache web server configuration settings without affecting the main configuration file. In other words, you can modify the way the server behaves without changing the core settings. It is similar to using a child theme in WordPress because when we edit in child theme it does not effect on the parent theme. It is often used to specify the security restrictions for the particular directory. And an optimise .htacess file can increase speed and security of your WordPress site.

Be Careful while Optimizing.htacess

Before you optimize or modify the .htacess file you must have a backup of your .htaccess file. If something gets spoiled, you can change the hacked .htaccess with the original one. On opening .htaccess file you can see some codes are already present in the file.  But don’t touch these codes because by default these codes are required by permalink structures. Erasing these codes may cause major issues with your website. Also, .htaccess has the ability to lock you out of your domain so be careful while changing in the .htaccess file. Tricks for optimizing your .htaccess are given below:-

Optimize WP’s 404 Response

WordPress has a 404.php template that’s created for the posts and pages that do not found on the website. but if post/page contains an image that’s deleted or have an incorrect path then It will show 404.php template to the browser but it doubles the traffic for a single page because for every not found object it will multiply traffic/load for every page. Also, some robot’s request some odd URLs that do not exist on your site that also slows down the server. So updated .htaccess file will look like that:

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !^.*\.png [NC]
RewriteCond %{REQUEST_FILENAME} !^.*\.jp?g [NC]
RewriteCond %{REQUEST_FILENAME} !^.*\.js [NC]
RewriteCond %{REQUEST_FILENAME} !^.*\.gif [NC]
RewriteCond %{REQUEST_FILENAME} !^.*\.css [NC]
RewriteCond %{REQUEST_FILENAME} !^.*\.js [NC]
RewriteCond %{REQUEST_FILENAME} !^.*\.xml [NC]
RewriteCond %{REQUEST_FILENAME} !^.*\.html [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

Gzip File Compression

Compression reduces response times by reducing the size of a file. But keep in mind that it is not good to compress small size files because as a result of compression below the size of 500 kb will definitely increase the loading time. Image and PDF files shouldn’t be gzipped because of they are already compressed. And if we compress them again then it not only wastes processor but also increases the file sizes. It’s valuable to gzip your HTML documents, scripts, and stylesheets. By adding this code into your file you are able to use gzip compression.

<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>

Turn-off Directory Indexing

By default, it is possible for every visitor to look within any of your website directory that does not contain index file like index.html, index.php, etc. in it. Which means configuration files and different sensitive data may be misused by nasty users. So the only solution to prevent that we have to add a blank index.html file to each folder on your web site. but if you have a large number of directories then it is time-consuming work so better option is to just open and change your .htaccess file by adding following code into your file. and it will solve this problem.

#Disable Directory Indexes
Options -Indexes

Prevent Hotlinking

Hotlinking is the act by which we display an image from another website via URL. By this, we can save a lot of space because images are not stored in our hard disk but don’t worry it’s possible to prevent other domains from hot linking to your website. But on loading web page, your website request for the image and this process eats up bandwidth on the host’s server. And slow down your page loading.

To make sure no one is using your valuable bandwidth, add this script to your .htaccess file

#Prevent Hot Linking
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mysite.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

Disallow Spam Robots

Your web site is frequently crawled by robots. Some of these robots are necessary like search engine robots because they index your site so it will show in search engine results. But on the other hand, some robots are not so friendly.So these robots are called Spam robots and they just jammed your server by using up bandwidth and resources. We can block robots based on the user-agent they provide.

The script below denies some spam robots but isn’t exhaustive.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourdomainname.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
</IfModule>

Implement a 301 Redirect with .htaccess

If you have forever changed the URL structure on your site because of optimization change or CMS migration and you will want to implement 301 redirects from the older URL to the new URL.The syntax for a basic 301 redirect is given below need to add in the .htaccess file. The first URL should be a relative path to the older URL and the second one should be an absolute path to the new URL.

Redirect 301 relative/path/to/oldurl/ http://www.domain.com/newurl/

Protect .htaccess itself!

It is an important thing to protecting your .htaccess file because it contains some really important secrets, so we can’t leave the file itself open to attack. The following code can help .htaccess file from the hackers.

<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>

Better still, you can rename the .htaccess to any other name you like

#rename htaccess files
AccessFileName ht.access