Redirect www/non-www
Redirecting from www to non-www or vice versa ensures consistency in how users access your website. This process is also known as canonicalization. By choosing one version of your domain (either with or without www), you help prevent issues related to duplicate content, improve SEO, and provide a cleaner and more professional URL structure.
Steps:
To redirect www to non-www:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
To redirect non-www to www:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
PHP Settings
Changing basic PHP settings in the .htaccess file can be extremely useful for customizing the behavior of your WordPress website without altering the global PHP configuration. This allows developers to tailor settings such as memory_limit
, upload_max_filesize
, and max_execution_time
to suit the specific needs of their application, enhancing performance and preventing common issues like timeouts or memory exhaustion.
Parameters:
- memory_limit: The maximum amount of memory a script can consume.
- upload_max_filesize: The maximum size of uploaded files.
- post_max_size: The maximum size of POST data allowed.
- max_input_vars: The maximum number of input variables.
- max_input_time: The maximum time (in seconds) a script is allowed to run.
- max_execution_time: The maximum time a script is allowed to parse input data.
Force HTTPS/SSL
This setting ensures your website automatically switches to HTTPS if someone tries to visit using HTTP, ensuring all data is securely encrypted.
Steps:
Toggle the switch to “Force all requests to use SSL/HTTPS.”
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Error Pages
Customizing error pages using the .htaccess file enhances user experience by providing informative and branded responses when errors occur. By defining custom error documents for various HTTP status codes, such as 404 (Not Found) or 500 (Internal Server Error), you can guide users back to useful content and maintain a consistent look and feel across your website.
Steps:
Enter the path to the custom error page for each error code.
Example for 404 error:
ErrorDocument 404 /custom_404.html
8G Firewall
Securing your WordPress website is vital for maintaining the security and privacy of its users. By preventing the types of attacks listed below, website owners can ensure that their users receive legitimate content without being exposed to harmful or malicious data.
- Block Bad Bots: Prevents access by known bad bots.
- Directory Traversal: Protects against directory traversal attacks.
- Cross-Site Scripting (XSS): Mitigates XSS attacks.
- Cache Poisoning: Prevents cache poisoning.
- Dual-Header Exploits: Protects against HTTP header injection.
- SQL/PHP/Code Injection: Protects against SQL and code injection.
- File Injection/Inclusion: Prevents file inclusion attacks.
IP Whitelist/Blacklist
Using .htaccess to block or allow specific IP addresses is a simple way to control who can access your website. This is like setting up a security guard who only lets certain visitors in while keeping others out.
Steps:
Enter the IPs you want to block in the “Blacklist” field.
Enter the IPs you want to allow in the “Whitelist” field.
File Protection
File protection via .htaccess is a crucial measure to safeguard your server resources and bandwidth. This prevents other websites from directly linking to your files, such as images, videos, or documents.
Options:
- Prevent Hotlinking: Prevents other websites from linking to your files.
- Prevent Directory Listing: Disables directory browsing to protect sensitive information.
CORS
CORS is crucial for modern web applications that rely on fetching resources across different domains, ensuring seamless integration and interaction between web services.
Steps:
Specify the origin domains allowed to access your resources.
Define the allowed HTTP methods (GET, POST, PUT, DELETE, etc.).
Enter allowed headers.
Caching
Configuring caching settings for JavaScript, CSS, and images using the .htaccess file is essential for optimizing website performance and user experience.
Parameters:
- File Extensions: Define the types of files to be cached.
- Duration: Set the cache duration for each file type.
History
The history section allows you to view, delete, and manage backups of your .htaccess file.
Options:
- View: View the details of a specific backup.
- Delete: Delete a specific backup.
- Delete All Backups: Remove all backups at once.
License
Manage your plugin license from this section. You can enter your license key to activate the plugin, and view the license status.
Steps:
Enter your license key in the provided field.
Click “Save & Re-Validate License Key” to activate or re-validate your license.
If needed, click “Deactivate License” to deactivate the plugin.