Ads by Google

Boost WordPress Speed and Protect Site via .htaccess (WITHOUT A PLUGINS)

You need N2O for your WordPress website? You need protect your WordPress website? Here is good solution where is used ONLY .htaccess.

What is .htaccess

.htaccess is a configuration file for use on web servers running the Apache Web Server software. When a .htaccess file is placed in a directory which is in turn ‘loaded via the Apache Web Server’, then the .htaccess file is detected and executed by the Apache Web Server software. These .htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer. These facilities include basic redirect functionality, for instance if a 404 file not found error occurs, or for more advanced functions such as content password protection, image hot link prevention, cache controll, compresion, and many more what you can find here.

How this works?

I get idea to avoid huge libraryes from various plugins and all setups what I need to place server side. That’s why I get idea to use .htaccess. Over few years I come up to one good solution combyning and testing setups on hundreds huge websites and compile one almost perfect solution what I will try to explain below.

Enable GZIP on WordPress using .htaccess

To enable GZIP on WordPress you must enable mod_deflate.c and use right output filters like this:

Here is covered almost all important media types like you see. Enablig this in .htaccess you will get best performance and loading time in your WordPress website. Only Exception is Mozilla where some versions of browsers not support GZIP and need to be avoid.

Setup Cache on WordPress inside .htaccess

If you want to speedup WordPress by caching  JavaScript, CSS and images, you can easly setup via .htaccess enabling mod_expires.c

On my setup, I keep cache 31 days, you can change it on lower or higher time. Is all up to you.

Also here is some cache control for headers:

You can setup max-age on time what is best for you.

Protect WordPress installation via .htaccess

WordPress installation can be realy open wide for hacking attacks and that need to be stopped. Some plugins provides good solution but .htaccess can be more effective for most important attacks.

First of all, I force indexes where is only allowed direct access to index files if someone try to access directly inside some folder and list files inside it.

Second protection is disabling direct access to .htaccess, xmlrpc.php and wp-config.php files. NOTE: If you need to use xmlrpc.php file, you need to remove that part of code.

Next protection is blocking direct access to certain files and folders inside WordPress installation.

Last protection is blocking massive spamming and hacking attacks from various spiders and robots.


.htaccess is powerfull tool what you can use easly if you understand right syntax. But for first help, here is my complete solution what you can use and adapt by your needs:


NOTE: Before you try this solution, you MUST made backup of your original file is something be broken.

I do not take responsibility if something goes wrong or not working like before. This is an example that works on many installations without problem but there is always a small chance that something will be broken. Use this at your own risk and responsibility.


This is not ultimate solution. If you want to get more speed, more optimizations and better conversion, you must do many other things to get all how you want to work or to ask someone who know all corners and secrets of web development.

Cheers! 😉

Boost WordPress Speed and Protect Site via.htaccess (WITHOUT A PLUGINS)
Article Name
Boost WordPress Speed and Protect Site via.htaccess (WITHOUT A PLUGINS)
You need speedup your WordPress website? You need protect your WordPress website? Here is good solution where is used ONLY .htaccess.