Optimize htaccess SEO WordPress

Carrying out a correct configuration of the Apache .htaccess file can help us speed up tasks, correct errors and even optimize part of the work SEO in our web positioning or maintenance projects. Today we tell you rules of ..htaccess SEO WordPress that you should know.

With the addition of rules in this file we can add an extra layer of security protection, such as preventing hotlinking, protecting WordPress (WP) directories and files, controlling bandwidth theft or compressing files.

It is very important to know how delicate this file is to handle since it controls the loading of the web page on the server. That is why we recommend make a backup or even download a copy of this file before editing it.

En Millennials Consulting we have the best team of experts SEO and they can help you with any topic related to the positioning of your website.

Basic list of Htaccess rules SEO WordPress

These simple rules will save you a lot of problems in web migrations or changes in web architecture.

1. Remove the "www" in all domain urls

#remove www from URI
Rewrit eEngine On
Rewrit eCond %{HTTP_HOST} ^www.dominio.com$ [NC]
Rewrit eRule ^(.*)$ http://dominio.com/$1 [L,R=301]

2. Remove file extension from a URL

Very useful to create beneficial friendly urls in SEO. Example: http://www.domain.com/crm.html – > http://www.domain.com/crm.

Rewrite Rule ^(([^/]+/)*[^.]+)$ /$1.php [L]

3. Remove a string from a URL

This rule is very useful to remove the well-known “category” from URLs: http://domain.com/category/crm- > http://domain.com/crm. However, if we can configure it in WP, it is much better. When we start a project, we must configure the permanlink structure.

Rewrite Rule ^category/(.+)$ http://www.dominio.com/$1 [R=301,L]

4. Enable GZIP compression

This rule will help us to load the web faster.

AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html

5. 301 redirection from the old domain to a new one

Very useful rule to make a web migration or change of domain without losing traffic. In addition, with the use of rule 301 you will not incur a penalty SEO for duplicate content. If our domain was on another server we should only keep the file .htaccess is the old server for the redirect to take effect.

Rewrit eEngine On
Rewrit eRule ^(.*)$ http://www.nuevodominio.com/$1 [R=301,L]

6. Add trailing slash to the url

This is very useful to avoid duplicate content. For example, if our server serves the URLs in this form www.domino.com/crm and www.domino.com/crm/ for Google they are 2 different URLs but we offer the same content.

RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !(.)/$ RewriteRule (.) http://www.tudominio.com/$1/ [L,R=301]

7. 301 redirects by url and the rest to the home page

Through this rule we can redirect certain URLs to a new domain and the rest to the home page. In this case, the order of the rules is important, from top to bottom in order of preference.

# primero redirige las url objetivo y el resto a la home
Redirect /dierproefvrije-cosmetica-not-tested-on-animals/ https://dominio.com/nl/natuurlijke-cosmetica/
Redirect /bad-douche/ https://dominio.com/nl/producto/alo%C3%AB-vera-badgel-250ml/
Redirect /gezichtsverzorging/ https://dominio.com/nl/productcategorie/gelaats/
# el resto de urls a la home
redirectMatch 301 ^(.*)/$ https://dominio.com/nl/

8. Redirect domain and other urls

With this rule we can redirect all urls to the new domain.

redirectMatch 301 ^(.*)/$ https://nuevodominio.es/$1

9. Friendly 301 Redirects SEO

If you want to redirect a specific page without affecting the SEO you can use this rule.

Redirect 301 /d/file.html https://www.nuevodominio.com/r/file.html

10. Redirects to custom pages for each type of error

With this simple rule we can redirect each 40X error to a specific url.

ErrorDocument 401 /error/401.php
ErrorDocument 403 /error/403.php
ErrorDocument 404 /error/404.php
ErrorDocument 500 /error/500.php

11. Force cache expiration

This rule helps us load the page faster when the same user visits the web again.

FileETag MTime Size
ExpiresActive on
ExpiresDefault "access plus 86400 seconds"

List of htaccess rules for security

With these rules you will be able to increase the security in your WordPress.

12. Add security headers

HTTP headers inform the web browser of how to act during its interaction with the website. These headers consist of metadata that provide information to the browser. Using the correct response headers we can strengthen security of the web.

For example, we can add strict transport security to force browsers to communicate with your website only over HTTPS.

Some headers are:

• HTTP Strict Transport Security
• X-Frame-Options
• X-XSS-Protection
• X-Content-Type-Options
• Referrer-Policy
• Feature-Policy
• Content-Security-Policy

<IfModule mod_headers.c>
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-Content-Type-Options "nosniff"
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
    Header set Referrer-Policy "same-origin"
    Header set Feature-Policy "geolocation 'self'; vibrate 'none'"
    Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
    Header always set Expect-CT "max-age=7776000, enforce"
    Header always set Referrer-Policy: "no-referrer-when-downgrade"
    Header always set Permissions-Policy "geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);"  
    Header always set Content-Security-Policy "upgrade-insecure-requests"
    Header set X-Permitted-Cross-Domain-Policies &quot;none&quot;
</IfModule>

13. Disable directory browsing on your site

When the web server does not find an index file like index.php or index.html, it automatically displays a index page which shows the contents of the directory being vulnerable to hacker attacks.

Options -Indexes

14. File password protection

To increase the robustness of our to maximise security and your enjoyment. in apache and wordpress we can include a password to access certain files and directories.

# proteger un archivo con contraseña
AuthType Basic
AuthName "Prompt"
AuthUserFile /home/path/.htpasswd
Require valid-user
# proteger un directorio con contraseña
resides
AuthType basic
AuthName "This directory is protected"
AuthUserFile /home/path/.htpasswd
AuthGroupFile /dev/null
Require valid-user

15. Protect the htaccess file

With these rules you can protect access to any file, showing a 403 error page when someone tries to access:

# Protege el archivo htaccess
<files .htaccess>
order allow,deny
deny from all
</files>

# Protección extrema de htaccess
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>

16 Block web access by IP

If you observe too much spam in the comments or notes an increase in traffic of dubious reputation you have the option to block this access to the web knowing the IP.

allow from all
deny from 145.156.14.172
deny from 124.150.011

17. Redirect all traffic except certain IPs

Sometimes we may be interested in closing the web to all traffic except for certain IP's showing a 403 (accessing a folder to which we do not have permission).

ErrorDocument 403 http://www.midominio.com
Order deny,allow
Deny from all
Allow from 124.24.48.135
Allow from 102.14.68.143

18. Block access to bots

With the following rule we can block all user-agents that we do not want our website to be tracked, either because it is potentially harmful or to keep the load on the server low. We must first identify those bots and their user agents. For example, if we do not want the Ahrefs bot to track us, we will use the user-agent “User-agent: AhrefsBot”.

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} ^AhrefsBot[NC]
    RewriteRule ^.* - [F,L]
</IfModule>

19. Prevent Hotlinking in htaccess

This rule helps us prevent other websites from using our images in their blogs hosted on our server thus reducing bandwidth consumption.

Options +FollowSymlinks
# Protect against hotlinking
Rewrit eEngine On
Rewrit eCond %{HTTP_REFERER} !^$
Rewrit eCond %{HTTP_REFERER} !^http://(www.)?nombrededominio.com/ [nc]
Rewrit eRule .*.(gif|jpg|png)$ http://nombrededominio.com/img/no_robar_ancho_de_banda.gif[nc]

Conclusions

There are a large number of rules that can help us both in tasks SEO such as redirections or with friendly urls but also in web security. Although it is true that we cannot control 100% security, these simple rules will help us a lot in this regard.

Fonts

ullsdelmon.org

wordpress.org