Speeding Up Your WordPress Blog With .Htaccess ~ Super Effective Tips

Statistics shows that users expect a website to load in just under 2 seconds, if it takes longer than that they are half as likely to leave the page. You might have put in tremendous amount of effort into your blog’s design and content, but all that comes to naught if your visitors just “bounce” back without ever having appreciated your website. Furthermore, one factor that most search engines use in their ranking algorithm is loading time.

So speeding up your blog will not only guarantee you won’t lose your visitors, but also makes sure your blog will get seen.

If your blog is built on the Apache Web Server, you can take full use of its .htaccess file.

 

First, let’s explain what the .htaccess file is:

.htaccess is a configuration file on Apache Web Server, usually used to make changes on a per-directory basis. The directives you can give range from domain redirection, leveraging caching, compression to blocking IPs, setting up passwords, protection from spammers and bots and much more. The modifications made to the .htaccess file are applied immediately, since when the use of .htaccess is enabled, Apache looks for those files first.

 

The .htaccess file is located in your server’s root directory, but it’s hidden so make sure you have “show hidden files” enabled. If you don’t see it, no worries. WordPress generates a .htaccess file when you turn on permalinks, just go to Settings> Permalinks and click on “Save Changes”. If you still can’t find the .htaccess file after you’ve done that, you can create it yourself.  Use any text editor of your preference, Notepad would work as well. Paste in the default code below:

 

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

 

Save the file as htaccess.txt, rename it to .htaccess (with no .txt extension) and upload it to your WordPress installation folder.

Before you start modifying your .htaccess file, be sure to make a back-up somewhere.

Now that all that is done, let’s move on to what you can do with a .htaccess file to improve your blog.

Compression

Why use compression? When a user requests your web page, the server compresses the files’ size before sending them, which means the size of the data that needs to be transferred is smaller, hence it takes a lot less time for it to be loaded.

Paste the following into your .htaccess file to enable Gzip compression:

 

<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>

 

Leveraging Browser Cache

Every browser stores websites’ static content (CSS files, scripts, images, stylesheets etc.) in its cache. That’s why when you visit pages that you’ve been to before they load much faster than initially. Since you already have some of the files, your browser doesn’t need to download them again.

For leveraging cache there are two mods you can use, mod_expires and mod_headers.

mod_expires tells the browser what content and for how long to store it, the time is estimated in seconds. If you’re not sure what duration’s to set, you can the ones provided in the code below:

 

# BEGIN Expire headers
<ifModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault “access plus 5 seconds”
  ExpiresByType image/x-icon “access plus 1 month”
  ExpiresByType image/jpeg “access plus 1 month”
  ExpiresByType image/png “access plus 1 month”
  ExpiresByType image/gif “access plus 1 month”
  ExpiresByType application/x-shockwave-flash “access plus 1 month”
  ExpiresByType text/css “access plus 14 days”
  ExpiresByType text/javascript “access plus 1 month”
  ExpiresByType application/javascript “access plus 1 month”
  ExpiresByType application/x-javascript “access plus 1 month”
  ExpiresByType text/html “access plus 600 seconds”
  ExpiresByType application/xhtml+xml “access plus 600 seconds”
</ifModule>
# END Expire headers

 

You don’t want to set the timers for a very long duration (max 1 year in advance), since then the users won’t get the updated version of your site.

And the rule for mod_headers :

 

# BEGIN Cache-Control Headers
<ifModule mod_headers.c>
<filesMatch “\.(ico|jpe?g|png|gif|swf)$”>
Header set Cache-Control “public”
</filesMatch>
<filesMatch “\.(css)$”>
Header set Cache-Control “public”
</filesMatch>
<filesMatch “\.(js)$”>
Header set Cache-Control “private”
</filesMatch>
<filesMatch “\.(x?html?|php)$”>
Header set Cache-Control “private, must-revalidate”
</filesMatch>
</ifModule>
# END Cache-Control Headers

 

Note: There’s no need specify the time in mod_headers since it’s already been defined by mod_expires.

If you’re not yet using cache plugins for your WordPress blog, you might want to also add either WP Super Cache (recommended) or W3 Total Cache.

Disabling hotlinks

Someone might directly link an image from your blog, subsequently stealing your bandwidth. That is called hotlinking. Disabling hotlinking also prevents other websites from stealing your content such as images, videos or CSS files. This requires the mod_rewrite function to be enabled, which you did if you had to create the file yourself and added the code given at the beginning of the article. If you’re not sure that mod_rewrite is enabled in your already existing .htaccess file, simply open the search bar in the Notepad or any editor you’re using and search for it. If you can’t find it then add the code at the beginning of the article to your .htaccess and you’ll be good to go.

Insert the following code into your .htaccess file to disable hotlinking:

 

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
RewriteRule \.(gif|jpg|css)$ – [F]

 

Make sure to change the yourdomain.com for your own website’s address.

If you’d like you can set up Apache Web Server to display a different content when someone is trying to hotlink your .jpg or .gif files, for example you could show an image with a warning instead. To do so paste the following code:

 

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://www.yourdomain.com/hotlink.jpg [R,L]

 

In the code above yourdomain.com is your domain and the http://www.yourdomain.com/hotlink.jpg is a link to the image you’d like to display, make sure to replace both for the suitable addresses.

Protecting your blog from spammers and bots

There are hundreds of bots crawling the internet, site rippers, email harvesters, spammers, and every time they visit your webpage, they use your resources. Blocking them would free up said resources and the load on your server, as a result speed up your page. There a numerous bot blacklists online, PerishablePress has an excellent one. The following code stops bots and spammers from accessing your website by instead redirecting them to an error page:

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* – [F,L]

Additionally, you can block spammers by their IP address:

Substitute IP-address with an IP address of a spammer.

.htaccess can also be used to block users based on where the traffic is coming from, meaning a website. To do this use the following code:

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} spamdomain1\.com [NC,OR]
RewriteCond %{HTTP_REFERER} spamdomain2\.com
RewriteRule .* – [F]

The above tells your webserver to block traffic from spamdomain1.com and spamdomain2\.com and instead show a 403 error message. You can add as many addreses as you want, make sure to change the domains given in the code above to appropriate addresses. Keep the backslash before the dot as it’s important.

Security measures

As a final step, you should protect your .htaccess file from unauthorized access, you don’t want just anyone getting a hold of it.

Add the following to your .htaccess code:

 

<Files .htaccess>
order allow,deny
deny from all
</Files>

 

It is also worth mentioning, that there are various online tools available to help you configure your .htaccess file, by practically doing everything for you. So if you aren’t particularly tech-savvy, you might find them useful.

Now that you’re done configuring your .htaccess file, save your changes and  go ahead and check if the loading time got faster.

Leave a Comment

Your email address will not be published. Required fields are marked *