htaccess file can do so many things for your website that you cannot even imagine. It is one of the most important files although many of us ignore the existence of it (how many of us ignore the existence of robots.txt file). Recently i read a blog post on some useful .htaccess commands and how to implement them for your blog.

What is .htaccess file ?

Ok, i know, not all bloggers know what is .htaccess file is. Specially, if you are hosting your blog at a free blog hosting platform like Blogspot or WordPress. .htaccess file is a server side small file that sits on your web server like any other typical file and direct all the incoming request by your website or blog visitors. It’s like a gate man or a security guard for any website.

How can i create a .htaccess file for my blog or website?

The answer is easy too. All you have to do is take your Windows notepad and copy and paste any command from below. Then save the file as a .htaccess (name the file .htaccess, don’t forget the “.” (period) before the file name). When you save the file, select “Save as type” as “All Files”. Before you upload the file to your web server, make sure you do not have any .htaccess file there. If you have a .htaccess file (normally most of the scripts like WordPress come with a basic .htaccess file), instead of overwriting your current .htaccess file you can add any command from below at the end of your .htaccess file.

I will update this post from time to time and include new and more useful commands for .htaccess file. But for now we will only discuss following commands:

• 1. Protects itself (security)
• 2. Turns the digital signature off (security)
• 3. Limits upload size (security)
• 4. Protects wp-config.php (security)
• 5. Gives access permission to all visitors with exceptions (security, usability)
• 6. Specifies custom error documents (usability)
• 7. Disables directory browsing (security)
• 8. Redirect old pages to new (optional)
• 9. Disables image hotlinking (bandwidth)
• 10. Enables PHP compression (bandwidth)
• 11. Sets the canonical or “standard” url for your site (seo, usability)

# Protect the .htaccess file
<files .htaccess>
order allow,deny
deny from all
</files>



# disable the server signature
ServerSignature Off


# Limit file uploads to 10 MB
LimitRequestBody 10240000


# Protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>


# Who has access & who doesnt
order allow,deny
#deny from 000.000.000.000
allow from all


# Custom error pages like 404
ErrorDocument 404 /notfound.php
ErrorDocument 403 /forbidden.php
ErrorDocument 500 /error.php


# Disable directory browsing
Options All -Indexes


# Redirect old URL to new URL
Redirect 301 /old.php http://www.yourdomain.com/new.php


# Block referring domains
RewriteEngine on
RewriteCond %{HTTP_REFERER} digg\.com [NC]
RewriteRule .* - [F]


# Disable hotlinking of images with forbidden or custom image option
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
#RewriteRule \.(gif|jpg)$ - [F]
#RewriteRule \.(gif|jpg)$ http://www.yourdomain.com/stealingisbad.gif [R,L]


# php compression - use with caution
<ifmodule mod_php4.c>
php_value zlib.output_compression 16386
</ifmodule>


# Set the canonical url
RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain\.com$ [NC]
RewriteRule ^(.*)$ http://www.yourdomain.com/$1 [R=301,L]


# Protection from spam comments
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourdomain.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]