The most essential .htaccess rules for blogs

Many blogs have a .htaccess file that only has the rules cms framework (WordPress, joomla etc.) installed. If you don’t add these .htaccess rules to your root .htaccess file, you’re missing out easy performance improvements any blogger can have. So don’t depend on your cms’s default rules and make your blog better with these simple .htaccess rules.

Best place to put these rule in the .htaccess -file at the root of your domain. Putting these rules into use won’t only cut your page loading times to half, but also they do provide the foundation for further optimization and speed improvements for your website.

This article covers following points of how to :

  • protect the .htaccess file itself
  • protect your core blog files, like wp-config.php on WordPress
  • prevent anyone from seeing the directory indexes on your server
  • protect your blog from direct comment spam
  • setup file compression to speed up the blog
  • (optionally) prevent people from (hot)linking to images on your blog

Few words on .htaccess Basics

.htaccess (HyperText ACCESS) is the default name of a directory-level configuration file . The .htaccess allows for decentralized management of web server configuration. The .htaccess rules at the root of your domain controls every directory and request that happens on your server.

Note Following Before You Start Adding and Changing .htaccess Rules

Adding .htaccess rules will optimize your blog and will make it secure, it will be easy when you know what to do, but because wrong rules in the root .htaccess can really harm a site.

  • Always backup your existing .htaccess file!
  • Keep that original in a safe place and don’t overwrite it.
  • .htaccess is case-sensitive and incorrectly spelled code will cause errors on your server.
  • Make sure you edit YOURDOMAIN name where applicable.

Using of .htaccess File

1. Protect .htaccess From Outside Access

This should be at the start of each and every root .htaccess file you ever create.

# Protect the .htaccess file


Order Allow,Deny

Deny from all


2. Protect particular file From Unwanted Access

apply the same principle to protect any file.

# Protect example.php


Order Allow,Deny

Deny from all


3. Disable Directory Browsing

This simple directive will prevent anyone from accessing the index and files in your folder. Your file permissions are important, but this will prevent a casual visitor from accessing the index and the files in any directory.

# Disable directory browsing

Options All -Indexes

4. Protect From Spam Comments

There are many spammers who make use of script for spam comments. Some plugin provide a way to prevent this case, but using of .htaccess-file of any blog is the most economical way to prevent direct comment spam attempts

# Protect from spam comments


RewriteEngine On

RewriteBase /


RewriteCond %{REQUEST_URI} .wp-comments-post.php*

RewriteCond %{HTTP_REFERER} !.** [OR]

RewriteCond %{HTTP_USER_AGENT} ^$

RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]


5. (OPTIONAL) Prevent Hotlinking



If someone is hotlinks to images on your server, It will redirect any outside linking to an image on your server to another image instead which you can have on another (free) domain.

First make a “please don’t hotlink” image and save it on a free image hosting, like Flickr, Picasa etc. Then edit the URL of the image to the code.

# Prevent Hotlinking


RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(.+.)? [NC]

RewriteRule .(jpg|jpeg|png|gif)$ [NC,R,L]


Note : Change the image name as per your need. I have used test name for image.



6. Additional .htaccess Tricks

6.1. Your Own Shortlinks (in WordPress)

When you have to use SEO-friendly url on your website then you must go with this rule. If you have to rewrite the url as per depend upon the condition this will help you. Using this rules you can reduce the directive level which is better for SEO point of view.

# BEGIN URL Shortening


RewriteEngine On

RewriteBase /

RewriteCond %{REQUEST_URI} ^/([0-9]+)$

RewriteRule .* [R=301,L]


# END URL Shortening

6.2. Force Download (e.g. for mp3, PDFs, etc.)

This rule will force the files to be downloaded instead of opening them in a browser for your blogs.


ForceType application/octet-stream

Header set Content-Disposition attachment


6.3. 301 Redirect using htaccess

If we want to redirect requested page from an old document to new:


RewriteEngine On

Redirect 301 /old/file.html


Use following for redirecting Entire Directory.


RewriteEngine On

RedirectMatch 301 /blog(.*)$1


6.4. Redirect browser to https (ssl)

This rule will redirect entire website to https(ssl).


RewriteEngine On

RewriteCond %{HTTPS} !on

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


6.5 Rewrite URLs using htacccess

Rewriting product.php?id=12 to product-12.html

RewriteEngine on

RewriteRule ^product-([0-9]+).html$ product.php?id=$1

Rewriting product.php?id=12 to product/ipod-nano/12.html

RewriteEngine on

RewriteRule ^product/([a-zA-Z0-9_-]+)/([0-9]+).html$ product.php?id=$2

Redirecting non www URL to www URL

RewriteEngine On

RewriteCond %{HTTP_HOST} ^$

RewriteRule (.*)$1 [R=301,L]

Rewriting to

RewriteEngine On

RewriteRule ^([a-zA-Z0-9_-]+)$ user.php?username=$1

RewriteRule ^([a-zA-Z0-9_-]+)/$ user.php?username=$1

Redirecting the domain to a new subfolder of inside public_html

RewriteEngine On

RewriteCond %{HTTP_HOST} ^$ [OR]

RewriteCond %{HTTP_HOST} ^$

RewriteCond %{REQUEST_URI} !^/new/

RewriteRule (.*) /new/$1

That’s It! You are ready to go with .htaccess

If you want to test your rule is working properly then please go to this link :

This helps you to show what are the redirection for your particular page and hence you will test you rule.

Now you know how to change this! With the help of these you can achieve two important things, higher security and bit of optimization.

So let`s get in touch and turn your idea into a brilliant solution.
Go ahead & fill the form below

Get In Touch With Us


  • AXAT Technologies Pvt Ltd
    101, Technocity X-5/3, MIDC Industrial Area, Mahape, Navi Mumbai, Maharashtra - 400710
  • +91 932 415 4970

  • UAE Office address
    2016, Bingghatti Avenue Near Marriot Hotel - Al Jaddaf - Dubai - United Arab Emirates
  • Phone: +971 50 276 9709
    WhatsApp: +971 55 859 1412

  • United States (US) Office Address
    1280 Lexington Ave FRNT 2
    New York, NY 10028
    United States
  • Phone: +1 (347) 688-5972
Be a part of our community