Carrying out a correct configuration of the Apache .htaccess file can help us speed up tasks, correct errors and even optimize part of the work SEO in our web positioning or maintenance projects. Today we tell you rules of ..htaccess SEO WordPress that you should know.
With the addition of rules in this file we can add an extra layer of security protection, such as preventing hotlinking, protecting WordPress (WP) directories and files, controlling bandwidth theft or compressing files.
It is very important to know how delicate this file is to handle since it controls the loading of the web page on the server. That is why we recommend make a backup or even download a copy of this file before editing it.
Basic list of Htaccess rules SEO WordPress
These simple rules will save you a lot of problems in web migrations or changes in web architecture.
1. Remove the "www" in all domain urls
#remove www from URI
Rewrit eEngine On
Rewrit eCond %{HTTP_HOST} ^www.dominio.com$ [NC]
Rewrit eRule ^(.*)$ http://dominio.com/$1 [L,R=301]2. Remove file extension from a URL
Very useful to create beneficial friendly urls in SEO. Example: http://www.domain.com/crm.html – > http://www.domain.com/crm.
Rewrite Rule ^(([^/]+/)*[^.]+)$ /$1.php [L]3. Remove a string from a URL
This rule is very useful to remove the well-known “category” from urls: http://domain.com/category/crm-> http://domain.com/crm. However, if we can configure it in WP, much better. When we start a project we must configure the structure of the permanlinks.
Rewrite Rule ^category/(.+)$ http://www.dominio.com/$1 [R=301,L]4. Enable GZIP compression
This rule will help us to load the web faster.
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html5. 301 redirection from the old domain to a new one
Very useful rule to make a web migration or change of domain without losing traffic. In addition, with the use of rule 301 you will not incur a penalty SEO for duplicate content. If our domain was on another server we should only keep the file .htaccess is the old server for the redirect to take effect.
Rewrit eEngine On
Rewrit eRule ^(.*)$ http://www.nuevodominio.com/$1 [R=301,L]6. Add trailing slash to the url
This is very useful to avoid duplicate content. For example, if our server serves urls like this www.domino.com/crm and www.domino.com/crm/ for Google are 2 different urls but we offer the same content.
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !(.)/$ RewriteRule (.) http://www.tudominio.com/$1/ [L,R=301]7. 301 redirects by url and the rest to the home page
Through this rule we can redirect certain URLs to a new domain and the rest to the home page. In this case, the order of the rules is important, from top to bottom in order of preference.
# primero redirige las url objetivo y el resto a la home
Redirect /dierproefvrije-cosmetica-not-tested-on-animals/ https://dominio.com/nl/natuurlijke-cosmetica/
Redirect /bad-douche/ https://dominio.com/nl/producto/alo%C3%AB-vera-badgel-250ml/
Redirect /gezichtsverzorging/ https://dominio.com/nl/productcategorie/gelaats/
# el resto de urls a la home
redirectMatch 301 ^(.*)/$ https://dominio.com/nl/8. Redirect domain and other urls
With this rule we can redirect all urls to the new domain.
redirectMatch 301 ^(.*)/$ https://nuevodominio.es/$19. Friendly 301 Redirects SEO
If you want to redirect a specific page without affecting the SEO you can use this rule.
Redirect 301 /d/file.html https://www.nuevodominio.com/r/file.html10. Redirects to custom pages for each type of error
With this simple rule we can redirect each 40X error to a specific url.
ErrorDocument 401 /error/401.php
ErrorDocument 403 /error/403.php
ErrorDocument 404 /error/404.php
ErrorDocument 500 /error/500.php11. Force cache expiration
This rule helps us load the page faster when the same user visits the web again.
FileETag MTime Size
ExpiresActive on
ExpiresDefault "access plus 86400 seconds"
DO WE CALL YOU?
Contact us to talk about your business. Our technicians and professionals will teach you the possibilities of improving your web positioning.
List of htaccess rules for security
With these rules you will be able to increase the security in your WordPress.
12. Add security headers
HTTP headers inform the web browser of how to act during its interaction with the website. These headers consist of metadata that provide information to the browser. Using the correct response headers we can strengthen security of the web.
For example, we can add strict transport security to force browsers to communicate with your website only over HTTPS.
Some headers are:
- HTTP Strict Transport Security
- X-Frame-Options
- X-XSS-Protection
- X-Content-Type-Options
- Referrer-Policy
- Feature-Policy
- Content-Security-Policy
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
Header set Referrer-Policy "same-origin"
Header set Feature-Policy "geolocation 'self'; vibrate 'none'"
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
Header always set Expect-CT "max-age=7776000, enforce"
Header always set Referrer-Policy: "no-referrer-when-downgrade"
Header always set Permissions-Policy "geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);"
Header always set Content-Security-Policy "upgrade-insecure-requests"
Header set X-Permitted-Cross-Domain-Policies "none"
</IfModule>
13. Disable directory browsing on your site
When the web server does not find an index file like index.php or index.html, it automatically displays a index page which shows the contents of the directory being vulnerable to hacker attacks.
Options -Indexes14. File password protection
To increase the robustness of our fullfilment of security requirements in apache and wordpress we can include a password to access certain files and directories.
# proteger un archivo con contraseña
AuthType Basic
AuthName "Prompt"
AuthUserFile /home/path/.htpasswd
Require valid-user
# proteger un directorio con contraseña
resides
AuthType basic
AuthName "This directory is protected"
AuthUserFile /home/path/.htpasswd
AuthGroupFile /dev/null
Require valid-user15. Protect the htaccess file
With these rules you can protect access to any file, showing a 403 error page when someone tries to access:
# Protege el archivo htaccess
<files .htaccess>
order allow,deny
deny from all
</files>
# Protección extrema de htaccess
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>16 Block web access by IP
If you observe too much spam in the comments or notes an increase in traffic of dubious reputation you have the option to block this access to the web knowing the IP.
allow from all
deny from 145.156.14.172
deny from 124.150.01117. Redirect all traffic except certain IPs
Sometimes we may be interested in closing the web to all traffic except for certain IP's showing a 403 (accessing a folder to which we do not have permission).
ErrorDocument 403 http://www.midominio.com
Order deny,allow
Deny from all
Allow from 124.24.48.135
Allow from 102.14.68.14318. Block access to bots
With the following rule we can block all user-agents that we do not want our website to be tracked, either because it is potentially harmful or to keep the load on the server low. We must first identify those bots and their user agents. For example, if we do not want the Ahrefs bot to track us, we will use the user-agent “User-agent: AhrefsBot”.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^AhrefsBot[NC]
RewriteRule ^.* - [F,L]
</IfModule>19. Prevent Hotlinking in htaccess
This rule helps us prevent other websites from using our images in their blogs hosted on our server thus reducing bandwidth consumption.
Options +FollowSymlinks
# Protect against hotlinking
Rewrit eEngine On
Rewrit eCond %{HTTP_REFERER} !^$
Rewrit eCond %{HTTP_REFERER} !^http://(www.)?nombrededominio.com/ [nc]
Rewrit eRule .*.(gif|jpg|png)$ http://nombrededominio.com/img/no_robar_ancho_de_banda.gif[nc]DO WE CALL YOU?
Contact us to talk about your business. Our technicians and professionals will teach you the possibilities of improving your web positioning.
Conclusions
There are a large number of rules that can help us both in tasks SEO such as redirections or with friendly urls but also in web security. Although it is true that we cannot control 100% security, these simple rules will help us a lot in this regard.
Fonts
