Best collection of code for your .htaccess file

We have the Best Collection of Code for your functions.php file thread, so I thought that it might be useful to create a thread for our .htaccess files.

AND PLEASE REMEMBER TO ADD ANY OF YOUR OWN SNIPPETS TO THIS LIST


7 comments

  1. These are three snippets for better performance, following Yahoo!'s rules:

    Disable Etags:

    # Stop sending ETag validators: strip the header from responses and stop Apache generating one for files.
    # NOTE(review): "Header" comes from mod_headers; if that module is not loaded this line is a configuration error - confirm, or wrap it in <IfModule mod_headers.c>.
    # NOTE(review): older Apache defaults included the file's inode number in the ETag, so removing it also closes a small information leak.
    Header unset ETag
    FileETag None
    

    Add expire headers:

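    # Far-future Expires header for static assets.
    # The dot is escaped so that only a real file extension matches; an unescaped "." matches any character.
    # NOTE(review): the fixed date has to be moved forward by hand. Once it has passed, clients treat every
    # matching file as already stale; a relative lifetime set through mod_expires does not have that problem.
    <FilesMatch "\.(ico|jpg|jpeg|png|gif|js|css|swf)$">
    Header set Expires "Tue, 16 Jun 2020 20:00:00 GMT"
    </FilesMatch>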
    

    Or

    # Relative expiry per MIME type (mod_expires); "access plus N" counts from the time of the request.
    # NOTE(review): ten years is far beyond the one-year ceiling HTTP guidance suggests; lifetimes this long
    # are normally paired with versioned file names so a changed file gets a new URL.
    # NOTE(review): caching text/html for a day lets browsers and shared caches replay a page after it changed
    # or after a logout - confirm no per-user HTML is served under this rule.
    ExpiresActive On
    ExpiresByType text/html "access plus 1 day"
    ExpiresByType image/gif "access plus 10 years"
    ExpiresByType image/jpeg "access plus 10 years"
    ExpiresByType image/png "access plus 10 years"
    ExpiresByType text/css "access plus 10 years"
    ExpiresByType text/javascript "access plus 10 years"
    ExpiresByType application/x-javascript "access plus 10 years"
    

    Compress plain text file:

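    # Compress text responses on the way out (mod_deflate).
    # Dot escaped so the pattern matches a file extension, not any character followed by "js", "css", ...
    # NOTE(review): "php" covers dynamic pages. Compressing HTTPS responses that mix secrets with
    # request-controlled text is the precondition for BREACH-style length side channels, so consider
    # limiting this rule to static files.
    <FilesMatch "\.(js|css|html|htm|php|xml)$">
    SetOutputFilter DEFLATE
    </FilesMatch>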
    

    Read more about them here.

    Updated:

    Redirect requests to www domain

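    # Canonical host: any request whose Host header does not start with www.domain.tld is sent to the www name (301).
    # Dots are escaped so they match literally. Needs "RewriteEngine On" earlier in the file.
    # NOTE(review): the target is plain http; on a TLS site point it at https:// so the redirect does not
    # downgrade the connection.
    RewriteCond %{HTTP_HOST} !^www\.domain\.tld [NC]
    RewriteRule ^(.*)$ http://www.domain.tld/$1 [R=301,L]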
    

    Block request to xmlrpc.php

    Use this only if you don’t use remote publishing; it can help protect your blog from hacks.

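    # Refuse xmlrpc.php with 403 rather than redirecting to the home page: a redirect still answers the
    # request and sends the client on to a second one, which is not a block.
    # Dot escaped; the optional prefix limits the match to a path segment named exactly xmlrpc.php.
    # Needs "RewriteEngine On" earlier in the file.
    RewriteRule ^(.*/)?xmlrpc\.php$ - [F,L]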
    

    Redirect all feeds to feedburner

    # Send feed requests to FeedBurner unless the client identifies as FeedBurner or FeedValidator
    # (presumably so those two can still read the original feed).
    # NOTE(review): User-Agent is supplied by the client, so anyone can reach the original feed by sending
    # one of these names; this is routing, not access control.
    # NOTE(review): feed_uri is a placeholder for the FeedBurner feed name.
    RewriteCond %{HTTP_USER_AGENT} !^.*(FeedBurner|FeedValidator) [NC]
    RewriteRule ^feed/?.*$ http://feeds.feedburner.com/feed_uri [R=301,NC,L]
    
  2. Better rewrite rules for WordPress permalinks

    By default WordPress sends a 404 HTML page for missing images and stylesheets – they are never rendered by a browser. And it catches your symbolic links.

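    # Images, Stylesheets etc. don't need a HTML 404:
    # skip the front controller when the path ends in ".ext" (2 to 4 word characters).
    # Backslashes restored - without them the pattern matched paths ending in "ww".."wwww", not extensions.
    RewriteCond %{REQUEST_URI} !.+\.\w{2,4}$
    # Existing file
    RewriteCond %{REQUEST_FILENAME} !-f
    # Existing directory
    RewriteCond %{REQUEST_FILENAME} !-d
    # Symbolic link
    RewriteCond %{REQUEST_FILENAME} !-l
    # Everything that survived the four tests goes to WordPress.
    RewriteRule ^ index.php [L]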
    
  3. GZip compression

    GZip compression

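    <IfModule mod_deflate.c>
        # Compress the common text types.
        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css  application/x-javascript
        # Legacy-browser workarounds. Escapes restored: "\." is a literal dot, "\b" a word boundary.
        # Netscape 4.x: compress HTML only.
        BrowserMatch ^Mozilla/4 gzip-only-text/html
        # Netscape 4.06-4.08: no compression at all.
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
        # MSIE also announces itself as Mozilla/4 but handles gzip, so both restrictions are lifted again.
        BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    </IfModule>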
    
  4. Some basic Security stuff.

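    # limit indexing of directories
    # Only the directory listing is switched off. "All" would also switch on every other option
    # (CGI execution, server-side includes, ...), and Apache 2.4 rejects an Options line that mixes
    # signed (+/-) and unsigned keywords.
    Options -Indexes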
    
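    # protect the htaccess file,
    # this is done by default with apache config file,
    # but you never know.
    # Apache 2.4 uses "Require"; the Order/Deny pair is kept for 2.2, where mod_authz_core does not exist.
    <Files ".htaccess">
        <IfModule mod_authz_core.c>
            Require all denied
        </IfModule>
        <IfModule !mod_authz_core.c>
            Order allow,deny
            Deny from all
        </IfModule>
    </Files>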
    
    # disable the server signature
    # This removes the version footer from server-generated pages (error pages, directory listings).
    # NOTE(review): the Server response header is governed by ServerTokens, which belongs in the main
    # server configuration and cannot be set from .htaccess.
    ServerSignature Off
    
    # limit file uploads to 10mb
    # The value is in bytes and caps every request body, not only uploads.
    # 10240000 bytes is slightly under 10 MiB (10485760).
    # NOTE(review): if the site runs PHP, PHP's own upload and POST size limits apply as well - confirm which is smaller.
    LimitRequestBody 10240000
    
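    # protect wpconfig.php.
    # wp-config.php holds the database credentials and secret keys; deny direct HTTP access to it.
    # Apache 2.4 uses "Require"; the Order/Deny pair is kept for 2.2, where mod_authz_core does not exist.
    <Files "wp-config.php">
        <IfModule mod_authz_core.c>
            Require all denied
        </IfModule>
        <IfModule !mod_authz_core.c>
            Order allow,deny
            Deny from all
        </IfModule>
    </Files>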
    
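    # Limit logins and admin by IP
    # this goes in the /admin folder NOT root folder .htaccess
    # No <Limit> wrapper: <Limit GET POST PUT> restricted only the listed methods and left every
    # other HTTP method unrestricted.
    # 203.0.113.10 is a placeholder from the documentation address range - replace it with your static IP.
    # The original trailing "//( your static IP)" was not a comment; Apache comments are whole lines starting with "#".
    <IfModule mod_authz_core.c>
        Require ip 203.0.113.10
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
        Allow from 203.0.113.10
    </IfModule>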
    
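    # block bad query strings (hackers/bots), please be aware this might break some plugins
    # QUERY STRING EXPLOITS
    # Any query string matching one of the patterns below is answered with 403.
    # Regex escapes restored (the unescaped "?" and "*" in the metacharacter line were not a valid pattern).
    # This is a coarse deny-list: it reduces scanner noise but does not replace input validation in the
    # application, and ordinary values containing e.g. "http:", "config" or "select" are rejected too.
    <IfModule mod_rewrite.c>
     RewriteEngine On
     # directory traversal, Windows boot file, remote-include style parameters
     RewriteCond %{QUERY_STRING} \.\./    [NC,OR]
     RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
     RewriteCond %{QUERY_STRING} tag=     [NC,OR]
     RewriteCond %{QUERY_STRING} ftp:     [NC,OR]
     RewriteCond %{QUERY_STRING} http:    [NC,OR]
     RewriteCond %{QUERY_STRING} https:   [NC,OR]
     RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
     # raw and percent-encoded metacharacters
     RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|'|"|;|\?|\*).* [NC,OR]
     RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).* [NC,OR]
     RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
     # keywords seen in PHP variable tampering and SQL injection probes
     RewriteCond %{QUERY_STRING} ^.*(globals|encode|config|localhost|loopback).* [NC,OR]
     RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]
     RewriteRule ^(.*)$ - [F,L]
    </IfModule>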
    
  5. Redirects and pretty permalinks without mod_rewrite

    # - script kiddies
    # Paths that scanners probe for are answered with a 301 that points the client at its own machine.
    # NOTE(review): Redirect matches by path prefix, so /css, /site and /html also catch every URL below
    # them - confirm the site has no real content under those paths.
    # NOTE(review): "Redirect gone" or a 403 answers the same probes without sending the client anywhere.
    
    Redirect permanent /admin.php http://localhost
    Redirect permanent /_vti_bin http://localhost
    Redirect permanent /css http://localhost
    Redirect permanent /site http://localhost
    Redirect permanent /s/ http://localhost
    Redirect permanent /v/ http://localhost
    Redirect permanent /html http://localhost
    Redirect permanent /stil http://localhost
    Redirect permanent /wp-content/cache.php http://localhost
    
    
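    # - stupid robots
    # Common wrong guesses are pointed at the real location.
    
    Redirect permanent /sitemap.gz /sitemap.xml.gz
    Redirect permanent /default.htm /
    Redirect permanent /feeds/posts/default /feed/
    
    # - URL truncating
    # (the "#" was missing on this heading; a bare "-" line is not a directive and makes Apache reject the file)
    
    RedirectMatch Permanent ^/page/$ /
    # /category/ and /comments/ to a TOC
    RedirectMatch Permanent ^/(category|comments)/$ /uebersicht/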
    
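    # Git only! :)
    # Requests for other version-control metadata directories are redirected away.
    # Dot escaped: unescaped, the pattern matched any character followed by "svn", "cvs", ... anywhere in the URL.
    # NOTE(review): .git is not in this list; if a .git directory sits inside the document root it stays
    # reachable and needs its own deny rule.
    RedirectMatch Permanent \.(svn|cvs|SVN|CVS|bzr) http://localhost
    
    # Bots searching for mobile versions
    # see http://perishablepress.com/press/2010/04/26/stop-404-requests-for-mobile-versions-of-your-site/#comment-78105
    # Answered with 410 Gone.
    RedirectMatch gone /mobi(le)?($|/)
    RedirectMatch gone /iphone($|/)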
    
    # - 410
    
    # Old feeds are dead
    Redirect gone /2008/feed/
    Redirect gone /2009/feed/
    Redirect gone /2010/feed/
    
    # stupid bots and browsers again
    # NOTE(review): /.well-known is also where ACME HTTP-01 certificate validation and security.txt are
    # served; a 410 on the whole prefix breaks both - confirm neither is needed before keeping that line.
    # NOTE(review): ".*/config$" is unanchored at the start, so it matches any URL ending in "/config".
    
    Redirect gone /crossdomain.xml
    Redirect gone /labels.rdf
    Redirect gone /.well-known
    Redirect gone /parent-page
    RedirectMatch gone .*/config$
    
    # Pretty permalinks without mod_rewrite!
    # Every URL that maps to no file is handed to index.php as the 404 handler.
    # NOTE(review): the response keeps status 404 unless the script sets another one, and a POST body
    # may not reach the handler - verify before relying on this for forms.
    ErrorDocument 404 /index.php
    
  6. ERRATA

    #Jauntily show the admin’s email address in error message
    # Sets the SERVER_ADMIN environment variable to the given address.
    # NOTE(review): an address printed on public error pages can be harvested; prefer a role mailbox.
    SetEnv SERVER_ADMIN info@yoursite.com
    
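    #disable hotlinking of images with forbidden or custom image option
    # Referer is sent by the client and can be forged or left out, so this saves bandwidth; it is not access control.
    # Exactly one RewriteRule must be active below: with both commented out, the two RewriteCond lines
    # attach to the next RewriteRule that follows in the file.
    RewriteEngine on
    # Requests without a Referer are let through.
    RewriteCond %{HTTP_REFERER} !^$
    # Dots escaped; "https?" so that pages served over https count as the site's own referrer too.
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yoursite\.com/.*$ [NC]
    # Option 1: forbid. The substitution must be an ASCII hyphen; a typographic dash is taken as a target path.
    RewriteRule \.(gif|jpg|png)$ - [F]
    # Option 2: redirect to a replacement image instead (comment out option 1 first).
    # NOTE(review): the replacement is itself a .jpg under the same rule - verify it does not redirect to itself.
    #RewriteRule \.(gif|jpg|png)$ http://www.yoursite.com/wp-content/uploads/2011/04/bracker_thou_shalt_not_steal24.jpg [R,L]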
    
    #block referring domains
    # (disabled example; when enabling it, the substitution must be an ASCII "-", not the typographic dash shown)
    #RewriteEngine on
    #RewriteCond %{HTTP_REFERER} digg.com [NC]
    #RewriteRule .* – [F]
    
    #Remove /category/ from your WordPress url
    # 301 from category/<rest> to <rest> on the named host.
    # NOTE(review): the target is plain http; use https:// on a TLS site.
    RewriteRule ^category/(.+)$ http://www.yourblog.com/$1 [R=301,L]
    
    #Redirect visitors to a maintenance page
    # Everyone except the one listed address is sent to /maintenance.html with a 302; the first
    # condition keeps the maintenance page itself from being redirected again.
    # NOTE(review): 123.123.123.123 is a placeholder for the administrator's address, and the dots in
    # the pattern are unescaped regex wildcards - write them as "\.".
    # NOTE(review): behind a reverse proxy or CDN, REMOTE_ADDR is presumably the proxy's address, which
    # would exempt every visitor arriving through it - confirm.
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !/maintenance.html$
    RewriteCond %{REMOTE_ADDR} !^123.123.123.123
    RewriteRule $ /maintenance.html [R=302,L]
    
    #auto-correct simple URL spelling mistakes
    # NOTE(review): spelling correction scans the directory for near matches, so a mistyped URL can be
    # "corrected" to a file that was never linked - keep backups and other sensitive files out of the
    # document tree when this is on.
    <IfModule mod_speling.c>
    CheckSpelling On
    </IfModule>
    
    #better login
    # /login is sent to the WordPress login script; an absolute URL as target makes this an external redirect.
    # NOTE(review): the target is plain http, so the login form and the credentials posted to it would
    # travel unencrypted - use https://.
    # NOTE(review): this only adds an alias; wp-login.php stays reachable under its own name.
    RewriteRule ^login$ http://example.com/wp-login.php [NC,L]
    
  7. This is something more secure; I hope you like it.

    # BEGIN WordPress Browser Cache
    # Map file extensions to MIME types. The expiry rules keyed on MIME type further down depend on
    # these mappings being in place.
    <IfModule mod_mime.c>
        AddType text/css .css
        AddType application/x-javascript .js
        AddType text/x-component .htc
        AddType text/html .html .htm
        AddType text/richtext .rtf .rtx
        AddType image/svg+xml .svg .svgz
        AddType text/plain .txt
        AddType text/xsd .xsd
        AddType text/xsl .xsl
        AddType text/xml .xml
        AddType video/asf .asf .asx .wax .wmv .wmx
        AddType video/avi .avi
        AddType image/bmp .bmp
        AddType application/java .class
        AddType video/divx .divx
        AddType application/msword .doc .docx
        AddType application/vnd.ms-fontobject .eot
        AddType application/x-msdownload .exe
        AddType image/gif .gif
        AddType application/x-gzip .gz .gzip
        AddType image/x-icon .ico
        AddType image/jpeg .jpg .jpeg .jpe
        AddType application/vnd.ms-access .mdb
        AddType audio/midi .mid .midi
        AddType video/quicktime .mov .qt
        AddType audio/mpeg .mp3 .m4a
        AddType video/mp4 .mp4 .m4v
        AddType video/mpeg .mpeg .mpg .mpe
        AddType application/vnd.ms-project .mpp
        AddType application/x-font-otf .otf
        AddType application/vnd.oasis.opendocument.database .odb
        AddType application/vnd.oasis.opendocument.chart .odc
        AddType application/vnd.oasis.opendocument.formula .odf
        AddType application/vnd.oasis.opendocument.graphics .odg
        AddType application/vnd.oasis.opendocument.presentation .odp
        AddType application/vnd.oasis.opendocument.spreadsheet .ods
        AddType application/vnd.oasis.opendocument.text .odt
        AddType audio/ogg .ogg
        AddType application/pdf .pdf
        AddType image/png .png
        AddType application/vnd.ms-powerpoint .pot .pps .ppt .pptx
        AddType audio/x-realaudio .ra .ram
        AddType application/x-shockwave-flash .swf
        AddType application/x-tar .tar
        AddType image/tiff .tif .tiff
        AddType application/x-font-ttf .ttf .ttc
        AddType audio/wav .wav
        AddType audio/wma .wma
        AddType application/vnd.ms-write .wri
        AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw
        AddType application/zip .zip
    </IfModule>
    # Expiry per MIME type. "A<seconds>" counts from the time of access:
    # A3600 is one hour, A31536000 is 365 days.
    # NOTE(review): image/svg+xml is listed twice (A3600 and, further down, A31536000); the two lines
    # disagree - confirm which lifetime is intended.
    # NOTE(review): text/html is cacheable for an hour; confirm no per-user HTML is served under this rule.
    <IfModule mod_expires.c>
        ExpiresActive On
        ExpiresByType text/css A31536000
        ExpiresByType application/x-javascript A31536000
        ExpiresByType text/x-component A31536000
        ExpiresByType text/html A3600
        ExpiresByType text/richtext A3600
        ExpiresByType image/svg+xml A3600
        ExpiresByType text/plain A3600
        ExpiresByType text/xsd A3600
        ExpiresByType text/xsl A3600
        ExpiresByType text/xml A3600
        ExpiresByType video/asf A31536000
        ExpiresByType video/avi A31536000
        ExpiresByType image/bmp A31536000
        ExpiresByType application/java A31536000
        ExpiresByType video/divx A31536000
        ExpiresByType application/msword A31536000
        ExpiresByType application/vnd.ms-fontobject A31536000
        ExpiresByType application/x-msdownload A31536000
        ExpiresByType image/gif A31536000
        ExpiresByType application/x-gzip A31536000
        ExpiresByType image/x-icon A31536000
        ExpiresByType image/jpeg A31536000
        ExpiresByType application/vnd.ms-access A31536000
        ExpiresByType audio/midi A31536000
        ExpiresByType video/quicktime A31536000
        ExpiresByType audio/mpeg A31536000
        ExpiresByType video/mp4 A31536000
        ExpiresByType video/mpeg A31536000
        ExpiresByType application/vnd.ms-project A31536000
        ExpiresByType application/x-font-otf A31536000
        ExpiresByType application/vnd.oasis.opendocument.database A31536000
        ExpiresByType application/vnd.oasis.opendocument.chart A31536000
        ExpiresByType application/vnd.oasis.opendocument.formula A31536000
        ExpiresByType application/vnd.oasis.opendocument.graphics A31536000
        ExpiresByType application/vnd.oasis.opendocument.presentation A31536000
        ExpiresByType application/vnd.oasis.opendocument.spreadsheet A31536000
        ExpiresByType application/vnd.oasis.opendocument.text A31536000
        ExpiresByType audio/ogg A31536000
        ExpiresByType application/pdf A31536000
        ExpiresByType image/png A31536000
        ExpiresByType application/vnd.ms-powerpoint A31536000
        ExpiresByType audio/x-realaudio A31536000
        ExpiresByType image/svg+xml A31536000
        ExpiresByType application/x-shockwave-flash A31536000
        ExpiresByType application/x-tar A31536000
        ExpiresByType image/tiff A31536000
        ExpiresByType application/x-font-ttf A31536000
        ExpiresByType audio/wav A31536000
        ExpiresByType audio/wma A31536000
        ExpiresByType application/vnd.ms-write A31536000
        ExpiresByType application/vnd.ms-excel A31536000
        ExpiresByType application/zip A31536000
    </IfModule>
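    # Response compression, with the legacy-browser exceptions and a Vary header for caches.
    <IfModule mod_deflate.c>
        <IfModule mod_setenvif.c>
            # Escapes restored: "\." is a literal dot, "\b" a word boundary.
            # Netscape 4.x: compress HTML only; 4.06-4.08: no compression.
            BrowserMatch ^Mozilla/4 gzip-only-text/html
            BrowserMatch ^Mozilla/4\.0[678] no-gzip
            # MSIE also announces itself as Mozilla/4 but handles gzip, so both restrictions are lifted.
            BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
            BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
        </IfModule>
        <IfModule mod_headers.c>
            # Tell caches the response differs per User-Agent, unless dont-vary is set.
            Header append Vary User-Agent env=!dont-vary
        </IfModule>
        <IfModule mod_filter.c>
            AddOutputFilterByType DEFLATE text/css application/x-javascript text/x-component text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon
        </IfModule>
    </IfModule>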
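    # Cache-control headers per file group: stylesheets/scripts, documents, then media and downloads.
    # The leading dot of each pattern is escaped so it matches a file extension, not any character.
    # NOTE(review): X-Powered-By advertises the caching plugin and its exact version on every response,
    # which helps version fingerprinting; consider dropping the header.
    <FilesMatch "\.(css|js|htc|CSS|JS|HTC)$">
        <IfModule mod_headers.c>
            Header set Pragma "public"
            Header append Cache-Control "public, must-revalidate, proxy-revalidate"
        </IfModule>
        # ETag built from modification time and size only (no inode number).
        FileETag MTime Size
        <IfModule mod_headers.c>
             Header set X-Powered-By "W3 Total Cache/0.9.2.4"
        </IfModule>
    </FilesMatch>
    <FilesMatch "\.(html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|HTML|HTM|RTF|RTX|SVG|SVGZ|TXT|XSD|XSL|XML)$">
        <IfModule mod_headers.c>
            Header set Pragma "public"
            Header append Cache-Control "public, must-revalidate, proxy-revalidate"
        </IfModule>
        FileETag MTime Size
        <IfModule mod_headers.c>
             Header set X-Powered-By "W3 Total Cache/0.9.2.4"
        </IfModule>
    </FilesMatch>
    <FilesMatch "\.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip|ASF|ASX|WAX|WMV|WMX|AVI|BMP|CLASS|DIVX|DOC|DOCX|EOT|EXE|GIF|GZ|GZIP|ICO|JPG|JPEG|JPE|MDB|MID|MIDI|MOV|QT|MP3|M4A|MP4|M4V|MPEG|MPG|MPE|MPP|OTF|ODB|ODC|ODF|ODG|ODP|ODS|ODT|OGG|PDF|PNG|POT|PPS|PPT|PPTX|RA|RAM|SVG|SVGZ|SWF|TAR|TIF|TIFF|TTF|TTC|WAV|WMA|WRI|XLA|XLS|XLSX|XLT|XLW|ZIP)$">
        <IfModule mod_headers.c>
            Header set Pragma "public"
            Header append Cache-Control "public, must-revalidate, proxy-revalidate"
        </IfModule>
        FileETag MTime Size
        <IfModule mod_headers.c>
             Header set X-Powered-By "W3 Total Cache/0.9.2.4"
        </IfModule>
    </FilesMatch>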
    # END WordPress Browser Cache
    # BEGIN WordPress Page Cache core
    # Page cache: when a pre-rendered HTML file exists for the request, serve it straight from disk.
    # NOTE(review): the dots in the URI patterns below are unescaped regex wildcards; they look like
    # escapes lost in copying - compare with the file the plugin actually generated.
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteBase /
        RewriteRule ^(.*/)?Wordpress_rewrite_test$ $1?Wordpress_rewrite_test=1 [L]
        # Remember whether the client accepts gzip; the variable becomes the cached file's suffix.
        RewriteCond %{HTTP:Accept-Encoding} gzip
        RewriteRule .* - [E=Wordpress_ENC:_gzip]
        # Serve from cache only for non-POST requests with an empty query string ...
        RewriteCond %{REQUEST_METHOD} !=POST
        RewriteCond %{QUERY_STRING} =""
        # ... on exactly this host name. NOTE(review): this value is specific to the poster's site;
        # on any other host the conditions never match, so it must be changed when reusing the block.
        RewriteCond %{HTTP_HOST} =hubtank.com
        # ... not for admin, login, feed and other wp-*.php URLs (with three listed exceptions) ...
        RewriteCond %{REQUEST_URI} !(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|/feed/|wp-.*.php|index.php) [NC,OR]
        RewriteCond %{REQUEST_URI} (wp-comments-popup.php|wp-links-opml.php|wp-locations.php) [NC]
        # ... and not when a commenter, post-password or login cookie is present. This condition is what
        # keeps per-user pages out of the shared cache path, since the cached file is sent without running PHP.
        RewriteCond %{HTTP_COOKIE} !(comment_author|wp-postpass|wordpress_[a-f0-9]+|wordpress_logged_in) [NC]
        # Skip requests carrying the plugin's own User-Agent string.
        RewriteCond %{HTTP_USER_AGENT} !(W3 Total Cache/0.9.2.4) [NC]
        # The cached file must exist. NOTE(review): Wordpress_UA, Wordpress_REF and Wordpress_SSL are not
        # set anywhere in this block, so they presumably expand to empty strings here.
        RewriteCond "%{DOCUMENT_ROOT}/wp-content/Wordpress/pgcache/%{REQUEST_URI}/_index%{ENV:Wordpress_UA}%{ENV:Wordpress_REF}%{ENV:Wordpress_SSL}.html%{ENV:Wordpress_ENC}" -f
        RewriteRule .* "/wp-content/Wordpress/pgcache/%{REQUEST_URI}/_index%{ENV:Wordpress_UA}%{ENV:Wordpress_REF}%{ENV:Wordpress_SSL}.html%{ENV:Wordpress_ENC}" [L]
    </IfModule>
    # END WordPress Page Cache core
    # BEGIN WordPress
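    # WordPress front controller: anything that is not an existing file or directory goes to index.php.
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    # Requests for index.php itself stop here (dot escaped so it matches literally).
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>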