Your .htaccess file controls how the Apache web server behaves, so you can make a number of changes to your site from the extreme backend (or upstream, depending on how you look at it).
By editing your .htaccess file, you can manipulate a request before it even hits your WordPress, Drupal or static HTML site.
ATTENTION: Before you even open your .htaccess to edit, make a backup copy!!!
It wouldn’t hurt if you made sure it was chmod to 644 to protect it from malicious hackers, too.
Now, on to the code juice:
1. Prevent Hotlinking
Hotlinking is when someone uses your images on their site. No big deal, right?
The problem with letting others hotlink your images is that they are using your bandwidth for their website.
Here’s how to curb it from happening:
[cc lang=”html”]RewriteEngine On
#Replace mysite\.com with your blog's domain
#https? lets both http:// and https:// pages on your own site use the images
RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?mysite\.com/ [NC]
#Requests that send no Referer header at all are let through
RewriteCond %{HTTP_REFERER} !^$
#Replace /images/nohotlink.jpg with your "don't hotlink" image url
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L][/cc]
Don’t forget to make a nifty “don’t hotlink” image.
2. Create Awesome Custom Error Pages
Want to add some bling to your error pages?
Here’s how:
[cc lang=”html”]ErrorDocument 400 /errors/badrequest.html
ErrorDocument 401 /errors/authreqd.html
ErrorDocument 403 /errors/forbid.html
ErrorDocument 404 /errors/notfound.html
ErrorDocument 500 /errors/serverr.html[/cc]
You can use other file extensions, too.
3. Force File Download
Have you ever wanted specific file extensions to automatically download instead of letting the browser decide?
Now you can!
This will force the download of any file you specify:
[cc lang=”html”]# ext1|ext2 are placeholders: list the file extensions you want to force to download
<FilesMatch "\.(ext1|ext2)$">
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>[/cc]
How fancy is that?
4. Prevent Directory Listing
If a directory doesn’t have an index file, an Apache server will simply create a list of all the files from the current directory.
You can easily stop this from happening:
[cc lang=”html”]Options -Indexes[/cc]
Told you it was easy 😉
5. Force or Remove WWW
For consistency and SEO's sake, you may want to force your site to use the “www” or remove it, no matter what the user types.
To force “www”:
[cc lang=”html”]RewriteEngine On
RewriteCond %{HTTP_HOST} ^your-site\.com$ [NC]
RewriteRule ^(.*)$ http://www.your-site.com/$1 [L,R=301][/cc]
To remove:
[cc lang=”html”]RewriteEngine On
RewriteCond %{HTTP_HOST} !^your-site\.com$ [NC]
RewriteRule ^(.*)$ http://your-site.com/$1 [L,R=301][/cc]
Be sure to test your server first, since some server configs require “www.”
6. Protect Your .htaccess File
Now that you’ve added all this sweet .htaccess code, you want to make sure no one can hack it!
You can do it like so:
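[cc lang=”html”]# protect the htaccess file
# (on Apache 2.4 without mod_access_compat, use "Require all denied" instead)
<Files .htaccess>
order allow,deny
deny from all
</Files>[/cc]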
For you WordPress users, take an extra moment and protect your ever valuable wp-config.php file:
[cc lang=”html”]# protect wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>[/cc]
Now you should be nice and safe!
If you’ve done something wrong or your hack doesn’t jibe with your server, you should know right away if the hack took. However, just to be safe, be sure to hold on to your original .htaccess file in case there is a problem down the road.
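If you want to double-check your finished file, here is an added example (not code from the original post or its sources) that audits .htaccess text for the protections from tips 4 and 6 plus the 644 permission. It also flags a `deny from all` that has lost its `<Files>` wrapper, which would deny every request to the site. The function name `audit_htaccess` and both sample files are made up for illustration.

```python
import re

# <Files name> / <FilesMatch "regex"> openers and their closing tags.
OPEN = re.compile(r'<\s*(FilesMatch|Files)\s+"?([^">]+)"?\s*>', re.I)
CLOSE = re.compile(r'<\s*/\s*(FilesMatch|Files)\s*>', re.I)
DENY = re.compile(r'(deny\s+from\s+all|require\s+all\s+denied)$', re.I)
NO_INDEX = re.compile(r'Options\s+(.*\s)?-Indexes\b', re.I)

def audit_htaccess(text, mode=0o644, targets=(".htaccess", "wp-config.php")):
    """Return a list of findings for .htaccess content and its file mode."""
    findings, protected, scope, listing_off = [], [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opener = OPEN.match(line)
        if opener:
            scope = (opener.group(1).lower(), opener.group(2).strip())
        elif CLOSE.match(line):
            scope = None
        elif DENY.match(line):
            if scope is None:
                # A deny with no <Files> wrapper applies to every request.
                findings.append("deny outside <Files>: applies to the whole site")
            else:
                protected.append(scope)
        elif NO_INDEX.match(line):
            listing_off = True
    for name in targets:
        covered = any(
            pat.lower() == name.lower() if kind == "files" else re.search(pat, name)
            for kind, pat in protected)
        if not covered:
            findings.append(f"{name} is not denied by a <Files> block")
    if not listing_off:
        findings.append("directory listing not disabled (Options -Indexes)")
    if mode & 0o022:
        findings.append(f"mode {mode:o} is writable by group/others, expected 644")
    return findings

# Constructed samples: one hardened file, one that lost its <Files> wrapper.
HARDENED = r"""Options -Indexes
<FilesMatch "^(\.htaccess|wp-config\.php)$">
order allow,deny
deny from all
</FilesMatch>
"""
BARE_DENY = "# protect the htaccess file\norder allow,deny\ndeny from all\n"

if __name__ == "__main__":
    print(audit_htaccess(BARE_DENY, 0o666))
```

To check a real file, pass its contents as `text` and `os.stat(path).st_mode & 0o777` as `mode`.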
Have fun!
[via Cats Who Code, WPTidBits & CSS-TRICKS]