10 Ways to Use .htaccess to Speed Up WordPress

Recently I’ve become more and more interested in the .htaccess file as a way to speed up and protect your site. Previously here on WPShout I’ve written an “A to Z of WordPress .htaccess Hacks”, which has been a very popular post, and today we’re going to look at ten easy methods to speed up WordPress with the .htaccess file. Not all of these applyspecifically to WordPress; you could easily apply most of these to any other site.


Just before we start, make sure you always have a backup to hand as you may find some ‘things’ aren’t supported by your host and so your site could not load. Whenever you apply any changes, turn off Super Cache and check the site still works. If it doesn’t, load the backup and locate the problem before trying again.

1. Enable caching

Since using starting to use this on WPShout, I’ve really noticed a difference in load times. In a nutshell, we’re telling browsers to cache files with the extension x for x amount of time. That way, especially on image heavy sites (ie sites using Magazine themes), you can increase the load time a heck of a lot.

# 1 YEAR Header set Cache-Control "public" Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT" Header unset Last-Modified # 2 HOURS Header set Cache-Control "max-age=7200, must-revalidate" # CACHED FOREVER # MOD_REWRITE TO RENAME EVERY CHANGE Header set Cache-Control "public" Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT" Header unset Last-Modified 

Source (I can’t remember where I found this; if anyone knows where the page is, leave a comment with the URL and I’ll update the post).

2. gzip files

gzip allows you to compress files, so obviously that means they load faster. The code below will gzip html, text, css, js and php files:

<ifModule mod_gzip.c> mod_gzip_on Yes mod_gzip_dechunk Yes mod_gzip_item_include file \.(html?|txt|css|js|php)$ mod_gzip_item_include handler ^cgi-script$ mod_gzip_item_include mime ^text/.* mod_gzip_item_include mime ^application/x-javascript.* mod_gzip_item_exclude mime ^image/.* mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.* </ifModule>

3. Combine gzip and caching

Combining the two tips above, gzip and caching, the code below is a brilliant snippet fromSamuel Santos‘ site:

# BEGIN Compress text files SetOutputFilter DEFLATE # END Compress text files # BEGIN Expire headers ExpiresActive On ExpiresDefault "access plus 1 seconds" ExpiresByType image/x-icon "access plus 2592000 seconds" ExpiresByType image/jpeg "access plus 2592000 seconds" ExpiresByType image/png "access plus 2592000 seconds" ExpiresByType image/gif "access plus 2592000 seconds" ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds" ExpiresByType text/css "access plus 604800 seconds" ExpiresByType text/javascript "access plus 216000 seconds" ExpiresByType application/x-javascript "access plus 216000 seconds" ExpiresByType text/html "access plus 600 seconds" ExpiresByType application/xhtml+xml "access plus 600 seconds" # END Expire headers # BEGIN Cache-Control Headers Header set Cache-Control "max-age=2592000, public" Header set Cache-Control "max-age=604800, public" Header set Cache-Control "max-age=216000, private" Header set Cache-Control "max-age=600, private, must-revalidate" # END Cache-Control Headers # BEGIN Turn ETags Off Header unset ETag FileETag None # END Turn ETags Off # BEGIN Remove Last-Modified Header Header unset Last-Modified # END Remove Last-Modified Header 


4. Stop hotlinking

When someone hotlinks an image on your site, that’s using up your resources and so potentially slowing down your site. Thankfully, it’s really easy to stop hotlinking with the following .htaccess trick:

#disable hotlinking of images with forbidden or custom image option RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC] #RewriteRule \.(gif|jpg)$ - [F] RewriteRule \.(gif|jpg)$ http://www.yourdomain.com/stophotlinking.jpg [R,L]

5. Stop spammers

Just like hotlinking, every time a spammer comes on to your site, they’re using your resources, so by stopping spammers you can free up said resources and speed up your site. There are a number of ways of doing this; Perishable Press has some brilliant blacklists, but often highlighted as the tell tale sign of a spam comment is the no refferer; it seems to have come from nowhere. The following will stop no referrer requests and therefore stop spam also:

RewriteEngine On RewriteCond %{REQUEST_METHOD} POST RewriteCond %{REQUEST_URI} .wp-comments-post\.php* RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR] RewriteCond %{HTTP_USER_AGENT} ^$ RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]


6. Block spammers

After stopping spammers, we’re now blocking them too! Change the line deny from 123.346 etc to include the IP of said spammer.

<Limit GET POST PUT> order allow, deny allow from all deny from 123.456.789 </LIMIT>


7. Use PHP compression

Another compression technique, this time for PHP. At this rate, your blog will be compressed to 1kb!

# php compression – use with caution <ifmodule mod_php4.c> php_value zlib.output_compression 16386 </ifmodule>


8. WP Super Cache

The single plugin that everyone always points at as a tool to speed up your blog, Super Cache generates static .html files of WordPress generated pages. It qualifies to be on this list as mobile support requires you to edit the .htaccess file (see the plugin’s options page). Asides from that, it really is a great tool for speeding up your blog and should help you survive any social media barrage you receive.

9. Stop scrapers

The low life that scrape your content are too using up your resources, and they can be stopped from accessing your RSS feed if you’ve got their IP address and the code below in your .htaccess.

RewriteEngine on RewriteCond %{REMOTE_ADDR} ^ RewriteRule ^(.*)$ http://newfeedurl.com/feed


10. Practice good security

I thought I’d write up a post about speeding up WordPress with .htaccess after needing to do so myself, and in a blatant attempt to get some social media traffic, I’ve (obviously) put it in ‘top ten’ format. When writing this though, it became apparent quite quickly that finding ten things to write about was going to be a bit of a struggle, hence the shift towards looking at security. Tip ten ‘practice good security’ is just that; a number of techniques that you can implement that will help in keeping spammers off your site. By doing this, as I said previously, you can free up resources for other your readers to use. Regular readers will have read another article on WPShout about .htaccess, ‘A to Z of WordPress .htaccess Hacks‘, and throughout this post I’ve been trying to stay clear of the code snippets in that post, but the following snippets all come from that post:

Allow access to the wp-login file to only certain IP addresses (ie yours!)
<Files wp-login.php> Order deny,allow Deny from All Allow from 123.456.789.0 </Files>
Rename the .htaccess file (thus making it harder to find)
# rename htaccess files AccessFileName ht.access
Protect the .htaccess
# STRONG HTACCESS PROTECTION</code> <Files ~ "^.*\.([Hh][Tt][Aa])"> order allow,deny deny from all satisfy all </Files>
Disable directory browsing (thus stopping visitors finding what plugins you’re using etc)
# disable directory browsing Options All -Indexes




Leave a comment