wordpress的.htaccess设置详解

htaccess, the file which control the Apache webserver, is very useful and allows you to do a lot of things. In this article, let’s see how .htaccess can help you with your WordPress blog, for both security,functionnality and usability.

Warning

When editing or modifying the .htaccess file of your WordPress blog, make sure to always have a backup that you can restore in case of something went wrong.

1 – Redirect WordPress RSS feeds to feedburner with .htaccess

Which blogger doesn’t use feedburner? Sure, feedburner is a very nice service, allowing you to know how many people suscribed to your rss feeds. The only problem is that you must edit your theme files to manually change the rss url. Happilly, there’s a nice hack, using .htaccess, which will make you save a lot of time!
Don’t forget to modify line 6 before applying this code!

# temp redirect wordpress content feeds to feedburner
<IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{HTTP_USER_AGENT} !FeedBurner    [NC]
 RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC]
 RewriteRule ^feed/?([_0-9a-z-]+)?/?$ http://feeds2.feedburner.com/catswhocode [R=302,NC,L]
</IfModule>

Source: How to redirect WordPress rss feeds to feedburner

2 – Remove /category/ from your WordPress url

By default, WordPress category permalinks are displayed that way:

http://www.catswhocode.com/blog/category/wordpress

As you can see, the category in the url is pretty useless. Here’s how to remove it:
First backup your .htaccess file. Then, open it and append the following line:

RewriteRule ^category/(.+)$ http://www.yourblog.com/$1 [R=301,L]

Once saved, your categories pages will be displayed like this:

http://www.catswhocode.com/blog/wordpress

Source: How to remove category from your WordPress url

3 – Using browser cache

A very good way to optimize your blog loading time is to force the use of the browser cache. This code will not improve your blog loading time directly, but it will save some work to the server by sending a 304 not modified status when the requested element haven’t been modified.

FileETag MTime Size
<ifmodule mod_expires.c>
  <filesmatch "\.(jpg|gif|png|css|js)$">
       ExpiresActive on
       ExpiresDefault "access plus 1 year"
   </filesmatch>
</ifmodule>

Source: Comment accelerer le temps de chargement de votre blog

4 – Compress static data

Do you know that it is possible to send compressed data to the visitors, which will be decompressed by the client? This code will definitely save you (and your visitor) bandwidth and reduce your pages weight.

AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html

5 – Redirect Day and name permalinks to /%postname%/

The first thing to do is to login to your WordPress admin, go to Settings → Permalinks and select custom. Fill out the field with /%postname%/.
Your permalinks will now look like the ones on this blog:

http://www.yourblog.com/name-of-the-post

Now we got to redirect all backlinks using the old permalinks structure to the new permalink structure. To do so, you’ll have to edit the .htaccess file, located in WordPress root directory.
Paste the following line in your .htaccess:

RedirectMatch 301 /([0-9]+)/([0-9]+)/([0-9]+)/(.*)$ http://www.domain.com/$4

Allright! You just changed your permalinks structure without loosing any backlinks!
Source: Redirect day and name permalinks to postname

6 – How to: Deny comment posting to no referrer requests

Are you sick and tired about the daily amount of spam comments received? Sure, there’s akismet, but here’s a little .htaccess trick to prevent spammers posting on your blog. The fact is that most spammers uses bots comming from nowhere. This code will look for the referrer (the page from where the commentator come from) and will deny commenting if the commentator try to access the wp-comments-post.php file without directly comming from your blog.
Just change the line 4 and specify your blog url there.

RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

Source: How to deny comment posting to no referrer requests

7 – Redirect visitors to a maintenance page

When you’re upgrading your blog, or making theme/design changes, it isn’t a good idea to let people see your blog being tweaked, sometimes with design or code problems, or even worst, security gaps.
The solution is to design a nice “maintenance page” and temporarily redirect your visitors to that page until you finished the maintenance.
Replace maintenance.html (line 2) by the page you’d like to redirect your visitors, and the IP adress on line 3 by your own ip.
Note that a 302 redirection is used, to avoid search engines indexing the maintenance page instead of your real homepage!

RewriteEngine on
RewriteCond %{REQUEST_URI} !/maintenance.html$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123
RewriteRule $ /maintenance.html [R=302,L]

Source: Comment faire une page d’accueil pour les internautes

8 – Protect your WordPress blog from hotlinking

Hotlinking is the use of an image from one site into a web page belonging to another site. Many bloggers are hotlinked, and have their bandwidth used on another websites. This very helpful code will protect your WordPress blog from hotlinking.

RewriteEngine On
#Replace ?mysite\.com/ with your blog url
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
#Replace /images/nohotlink.jpg with your "don't hotlink" image url
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]

Source: How to protect your WordPress blog from hotlinking

9 – Allow only your IP adress on the wp-admin directory

Excepted the case of a collaborative blog, only you should be allowed to visit the wp-admin directory. If you have a static IP, this code will do the job.
All you have to do is to enter your static IP adress on line 8. Note that you can add more IPs if needed, by creating a new line with: allow from xx.xx.xxx.xx inside.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Example Access Control"
AuthType Basic
<LIMIT GET>
order allow, deny
deny from all
allow from xx.xx.xx.xx
</LIMIT>

Source: Protecting the WordPress wp-admin folder

10 – Banning a WordPress Spammer With .htaccess

You know it, spam is very annoying. In the case of a particular person/bot spamming you, you can easily avoid it by blacklisting the IP.
Simply replace the IP adress on line 3 by the spammer’s IP. You can add more spammers by creating a new line with deny from xxx.xx.xxx.xxx inside.

<Limit GET POST>
order allow,deny
deny from 200.49.176.139
allow from all
</Limit>

Source: The easiest way to ban a WordPress spammer

More posts about htaccess

• 10 useful .htaccess snippets to have in your toolbox

from http://www.catswhocode.com/blog/10-awesome-htaccess-hacks-for-wordpress
---------------------------------
中文翻译：
 wordpress的.htaccess设置详解

对于Apache服务器，使用.htaccess文件可以进行很多相关网络服务访问的配置。而以下的10个技巧则专门针对WordPress所进行的设置，推荐大家参考使用：
参考原文：10 awesome .htaccess hacks for WordPress

RSS Feed

重定向WordPress的RSS Feed链接地址到Feedburner地址：
除了修改WP的模板文件来定制其输出的RSS Feed链接地址外，还可以使用.htaccess文件来进行设置(替换yourrssfeedlink为自己的Feedburner地址)。

1 2 3 4 5 6 7

# temp redirect wordpress content feeds to feedburner <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP_USER_AGENT} !FeedBurner    [NC] RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC] RewriteRule ^feed/?([_0-9a-z-]+)?/?$ http://feeds2.feedburner.com/catswhocode [R=302,NC,L] </IfModule>

参考：How to redirect WordPress rss feeds to feedburner

category

去除WordPress分类链接中的“/category/”：
默认情况下，WordPress的分类链接显示的样式为：
http://e-spacy.com/blog/category/tech
其实其中的category部分没有任何意义，如果想去掉它可以修改.htaccess文件(替换yourblog为自己的网址)。

1	RewriteRule ^category/(.+)$ http://www.yourblog.com/$1 [R=301,L]

参考：How to remove category from your WordPress url

浏览器缓存

可以修改.htaccess文件让访问者使用浏览器缓存来优化其访问速度。

1 2 3 4 5 6 7

FileETag MTime Size <ifmodule mod_expires.c> <filesmatch "\.(jpg|gif|png|css|js)$"> ExpiresActive on ExpiresDefault "access plus 1 year" </filesmatch> </ifmodule>

参考： Comment accelerer le temps de chargement de votre blog

压缩静态数据

可以修改.htaccess文件来压缩需要访问的数据(传输后在访问端解压)，从而可以减少访问流量和载入时间。

1 2 3 4

AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4.0[678] no-gzip BrowserMatch bMSIE !no-gzip !gzip-only-text/html

Post name

重定向日期格式的WP Permalink链接地址为Postname格式：
如果你目前的Permalink地址为/%year%/%monthnum%/%day%/%postname%/ 的格式，那么我强烈推荐你直接使用/%postname%/ ，这样对搜索引擎要舒服得多。首先你需要在WordPress的后台设置输出的Permalinks格式为/%postname%/ 。然后修改.htaccess文件来重定向旧的链接，不然别人以前收藏你的网址都会转成404哦!(替换yourdomain为自己的网址)

1	RedirectMatch 301 /([0-9]+)/([0-9]+)/([0-9]+)/(.*)$ http://www.yourdomain.com/$4

参考： Redirect day and name permalinks to postname

垃圾评论

阻止没有referrer来源链接的垃圾评论：
设置.htaccess文件可以阻止大多数无Refferrer来源的垃圾评论机器人Bot Spammer。其会查询访问你网站的来源链接，然后阻止其通过wp-comments-post.php来进行垃圾评论。

1 2 3 4 5 6

RewriteEngine On RewriteCond %{REQUEST_METHOD} POST RewriteCond %{REQUEST_URI} .wp-comments-post\.php* RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR] RewriteCond %{HTTP_USER_AGENT} ^$ RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

参考： How to deny comment posting to no referrer requests

维护页面

定制访问者跳转到维护页面：
当你进行网站升级，模板修改调试等操作时，最好让访问者临时跳转到一个声明的维护页面(和404错误页面不同)，来通知网站暂时无法访问，而不是留 下一片空白或者什么http bad错误。(替换maintenance.html为自己定制的维护页面网址，替换123.123.123.123为自己目前的IP地址，不然你自己访 问也跳转哦)

1 2 3 4

RewriteEngine on RewriteCond %{REQUEST_URI} !/maintenance.html$ RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123 RewriteRule $ /maintenance.html [R=302,L]

参考：Comment faire une page d’accueil pour les internautes

防盗链

设置你的WordPress防盗链：
盗链是指其它网站直接使用你自己网站内的资源，从而浪费网站的流量和带宽，比如图片，上传的音乐，电影等文件。(替换mysite为自己的网址和/images/notlink.jpg为自己定制的防盗链声明图片)

1 2 3 4 5 6

RewriteEngine On #Replace ?mysite\.com/ with your blog url RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC] RewriteCond %{HTTP_REFERER} !^$ #Replace /images/nohotlink.jpg with your "don't hotlink" image url RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]

参考：How to protect your WordPress blog from hotlinking

wp-admin限制IP

只允许自己的IP访问wp-admin：
如果你不是团队合作Blog，最好设置只有自己能够访问WP的后台。前提是你的IP不是像我一样动态的哦。(替换xx.xx.xx.xx为自己的IP地址)

1 2 3 4 5 6 7 8 9

AuthUserFile /dev/null AuthGroupFile /dev/null AuthName "Example Access Control" AuthType Basic <LIMIT GET> order deny,allow deny from all allow from xx.xx.xx.xx </LIMIT>

参考：Protecting the WordPress wp-admin folder

阻止指定IP的访问

如果你想要阻止指定IP的访问，来防止其垃圾评论，那么你可以创建自己的Backlist黑名单。(替换xx.xx.xx.xx为指定的IP地址)

1 2 3 4 5

<Limit GET POST> order allow,deny deny from xx.xx.xx.xx allow from all </Limit>

参考：The easiest way to ban a WordPress spammer

参考文献(转自)
• http://www.catswhocode.com/blog/10-awesome-htaccess-hacks-for-wordpress
• http://www.wprecipes.com/how-to-redirect-wordpress-rss-feeds-to-feedburner-with-htaccess
• http://www.wprecipes.com/how-to-remove-category-from-your-wordpress-url
• http://www.wprecipes.com/redirect-day-and-name-permalinks-to-postname
• http://www.wprecipes.com/how-to-deny-comment-posting-to-no-referrer-requests
• http://www.wprecipes.com/how-to-protect-your-wordpress-blog-from-hotlinking
• http://www.reubenyau.com/protecting-the-wordpress-wp-admin-folder/
• http://lorelle.wordpress.com/2007/09/20/the-easiest-way-to-ban-a-wordpress-spammer/