htaccess tricks for wordpress

Htaccess Speed Up WordPress Tricks & Snippets

March 14, 2022

Looking to speed up your WordPress site using the htaccess file? Most WordPress sites run on the Apache server software, and often by default, the configuration is not optimal. Luckily, the htaccess file makes it easy to configure Apache and see some serious speed improvements.

In this article, we'll cover the most important changes you can make with htaccess code snippets you can copy and paste for your own server.

What is the htaccess file?

The .htaccess file is found in your web server's root directory, or within specific folders that are in the root directory. It's a configuration file that applies to the contents of specific folders accessible through your web server. With the .htaccess file, you can easily do most of the same things you can do through the main configuration file.

Your htaccess file is located in the root folder for your web server. Usually, it can be found in /var/www/html/, the default location for Apache servers. If you have installed WordPress in a subfolder, such as /blog/, the htaccess file for that folder will be at /var/www/html/blog/.

To edit your htaccess file file via SSH, use this command:

$ nano /var/www/html/.htaccess

What can the htaccess file do?

The .htaccess file is a powerful tool that allows you to control how your server interacts with specific folders and files. In other words, the .htaccess file gives you control over the visitor experience on your website.

For example, you can use the .htaccess file to:

-Control how visitors access specific files and folders

-Password protect specific areas of your site

-Prevent hotlinking of images

-Redirect visitors to a specific page or URL

-Cache static files for faster loading times

-And much more!

The possibilities are endless, and the .htaccess file can be a powerful tool for optimizing your WordPress site. However, it's important to note that you should only make changes to the .htaccess file if you are comfortable with editing code, as a typo can break your site.

How do I edit my htaccess file?

To edit your htaccess file, you'll need to connect to your server, either with an FTP client or through SSH. You can download the file, make your edits, and reupload with FTP, or using SSH, you can edit directly on the server with an editor like vim or nano.

Keep in mind, the .htaccess file is a hidden file. It starts with a "." and on Unix-like systems, this is how hidden files are marked. You'll either need to find an option in your FTP client to show hidden files.

If you've connected via SSH, you can list all files in the current directory, including hidden ones, with this command.

$ la -la

Enable Browser Caching

Browser caching is a protocol where browsers can be instructed to store downloaded files for a specified period. When they need to access a file that's been cached, they don't need to request it from the server again, significantly reducing how long it takes to retrieve, eliminating unnecessary HTTP requests.

With misconfigured browser caching, you may see the "leverage browser caching" message in PageSpeed Insights.

You can enable browser caching in Apache, and speed up WordPress though your .htaccess file. This example code contains rules for most common file types, however, you can remove types you aren't using if you'd like, and you can customize how long the resources stay cached for.

Before this will work, you need to enable the expires module. On Debian/Ubuntu based systems, you can use the following commands to enable the module. For other systems such as CentOS, you may have to manually edit your Apache config.

$ sudo a2enmod expires
$ systemctl restart apache2

Add the following code for mod_expires to into your htaccess file.

<IfModule mod_expires.c>
    ExpiresActive on
    ExpiresDefault "access plus 30 seconds"
    ExpiresByType text/html "access plus 15 days"
    ExpiresByType text/css "access plus 15 days"

    ExpiresByType image/gif "access plus 1 months"
    ExpiresByType image/jpg "access plus 1 months"
    ExpiresByType image/jpeg "access plus 1 months"
    ExpiresByType image/png "access plus 1 months"
    ExpiresByType image/svg+xml "access plus 1 months"
    ExpiresByType image/x-icon "access plus 1 months"
    ExpiresByType application/pdf "access plus 1 months"

    ExpiresByType text/js "access plus 1 months"
    ExpiresByType text/javascript "access plus 1 months"
    ExpiresByType application/javascript "access plus 1 months"
    ExpiresByType application/x-javascript "access plus 1 months"

    ExpiresByType font/woff "access plus 1 month"
    ExpiresByType application/font-woff2 "access plus 1 month"
    ExpiresByType application/x-font-ttf "access plus 1 month"
    ExpiresByType application/x-font-truetype "access plus 1 month"
    ExpiresByType application/x-font-opentype "access plus 1 month"
</IfModule>

It's possible to manually add cache control headers as well. While the expires module makes things easier, it can be useful to know how this works under the hood.

<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
  Header set Cache-Control "max-age=2592000, public"
</FilesMatch>

The user's browser simply reads these headers and keeps the cached file stored for the specified time. The max age value is represented in seconds, so in this example, 30 days is 2,592,000 seconds. Content delivery networks will also respect these headers when determining how long a resource should stay cached.

Enable Gzip Compression

GZIP is a compression algorithm that can be applied to text files, like HTML files, CSS files, JavaScript files, and SVG images. Enabling GZIP makes these files smaller, and decreases the time required to download them, reducing your overall load times and server bandwidth, and speeding up your site.

You can easily enable GZIP and Deflate compression for your WordPress site with no plugins, just by editing the .htaccess file. First, you'll need to enable the deflate module with these commands.

$ sudo a2enmod deflate
$ systemctl retstart apache2

Here a code snippet for your .htaccess file to enable gzip compression.

<IfModule mod_deflate.c>
 AddOutputFilterByType DEFLATE text/css
 AddOutputFilterByType DEFLATE text/html
 AddOutputFilterByType DEFLATE text/javascript
 AddOutputFilterByType DEFLATE text/plain

 AddOutputFilterByType DEFLATE text/xml
 AddOutputFilterByType DEFLATE application/xhtml+xml
 AddOutputFilterByType DEFLATE application/xml
 AddOutputFilterByType DEFLATE application/rss+xml

 AddOutputFilterByType DEFLATE application/javascript
 AddOutputFilterByType DEFLATE application/x-javascript

 AddOutputFilterByType DEFLATE font/opentype
 AddOutputFilterByType DEFLATE font/otf
 AddOutputFilterByType DEFLATE font/ttf
 AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
 AddOutputFilterByType DEFLATE application/x-font
 AddOutputFilterByType DEFLATE application/x-font-opentype
 AddOutputFilterByType DEFLATE application/x-font-otf
 AddOutputFilterByType DEFLATE application/x-font-truetype
 AddOutputFilterByType DEFLATE application/x-font-ttf
</IfModule>

This code enables GZIP for text files and font files. Note that you shouldn't enable GZIP for image compression, since they're already compressed, and GZIP won't be effective. Adding the mime types for already compressed files like images to this list isn't a good idea, since you won't be able to effectively compress images more.

Disable Image Hotlinking

Image hotlinking is when other sites link to images that are hosted on your site. While disabling this usually won't give your site the biggest noticeable performance increase, it's still a good idea.

If other sites are hotlinking to your images, it can create extra server load and slow down your site for regular users. Thankfully with an easy .htaccess trick this can be prevented.

You can paste the following code into your htaccess file to prevent image hotlinking.

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?facebook.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?twitter.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [F]

This code prevents sites other than yourwebsite.com, google.com, bing.com, facebook.com, or twitter.com from linking to your images. You can add additional domains you'd like to allow. It's a good idea to allow image hotlinking for search engines and social media sites where your content may be shared, and of course your own site, but anything else is likely leaching on your bandwidth and server resources.

Hide Server Signature

Disabling your server signature won't speed up your site, but it will increase your security. Take a look at these example server response headers.

$ curl -I https://example.com
HTTP/2 200
date: Fri, 11 Mar 2022 21:31:31 GMT
server: Apache/2.4.41 (Ubuntu)
vary: Accept-Encoding,Cookie
cache-control: max-age=3, must-revalidate
strict-transport-security: max-age=63072000; includeSubDomains
content-length: 32161
last-modified: Fri, 11 Mar 2022 19:33:34 GMT
cache-control: max-age=1296000
expires: Sat, 26 Mar 2022 21:31:31 GMT
content-type: text/html; charset=UTF-8

Notice the line "server: Apache/2.4.41 (Ubuntu)." Disabling your server signature will hide this, making it harder for an attacker to discover what vulnerabilities your specific server version and operating system have.

Enable Server Level Caching (LiteSpeed Only)

If you're running OpenLiteSpeed or LiteSpeed rather than Apache, you can enable server side caching through .htaccess. LiteSpeed supports Apache's htaccess file format, and has some of its own modules that offer additional functionality.

While it's a better idea to do this through the LiteSpeed Cache plugin for a WordPress website, it's still possible through adding rules to your htaccess file. LiteSpeed has plugins available for several other content management systems as well.

The lightspeed server cache stores static versions of dynamically generated content. This way, WordPress won't have to execute PHP code every time someone requests a page, but instead, LiteSpeed can take over and serve the cached file.

Learn More About Page Speed

At Fastify, our mission is to help anyone with an online business or website speed up their site. If you're looking to learn more, be sure to check out the rest our blog. We also offer a step-by-step video course for WordPress that will help to to achieve perfect page speed.


Written By 
Mason Wiley
My name is Mason, and I cofounded Fastify after years of experience with SEO and affiliate marketing in a highly competitive industry. I've worked through countless pages of documentation and ran countless experiments to find all the hidden secrets to making screaming fast pages.
menucross-circle