Web resource protection, page redirects, caching and other features can be configured through the .htaccess file, if the main Apache configuration file allows it. A site running on the Apache web server is the most common option. The share of other hosting options is not small, but knowing Apache and assuming that a web resource will be hosted on it is always a safe basis for building a reliable, high-quality website.
Reasons to protect with .htaccess
When a browser accesses the site, the rules in the .htaccess file are applied, for example to check the legitimacy of the visitor’s actions or to redirect to another resource. Any change to this file takes effect instantly.
The WordPress content management system (CMS) is very popular, and that is a good reason to take its security seriously.
If the site was written from scratch without using any CMS, hacking it would be more difficult. If the site is based on popular tools, there is always a chance that an attacker will acquire the necessary knowledge and try to steal content or harm the web resource.
The site’s own employees can pose a particular danger when they have a personal interest in creating problems for the employer, especially if they believe that they were “offended”, that their dismissal was not legal or that they were paid too little.
Competitors can create obstacles to push an opponent out of the market, and independent hackers may take an interest simply out of curiosity or a desire to learn how to break web resources. The Internet is an environment for carrying out all kinds of plans and ideas, not all of them legitimate or well-intentioned. You need to be able to protect your resources and interests.
Common reasons for using .htaccess
The .htaccess file is located in the root of the site and governs it. Its rules express not only prohibitions but also permissions. Through them you can control caching to speed up the site, or set up page redirects. You can assign administrative functions to particular IP addresses and determine who may read, change, or write what.
Rules can also be placed in individual folders. The root .htaccess file for WordPress contains a block managed by the CMS itself, the lines between "# BEGIN WordPress" and "# END WordPress", along with other rules from the hosting provider or the site administrator. The administrator can create additional .htaccess files in WordPress folders to define the permitted actions for the files and subfolders there.
Protection and permission management works by inheritance: the .htaccess file in the root of the site applies to the entire site, and a file located in, for example, the wp-content folder additionally affects the files and subfolders inside it.
Objects of special attention
The .htaccess file for WordPress should take into account the folder structure and where information is stored. You should never discount the possibility of a problem with the PHP installation, where an unexpected failure or a systematically prepared attack lets an attacker read important CMS files (wp-config, theme files, settings or plugins).
Spam and floods of comments can come from particular addresses or follow a particular pattern (in timing, in content, in attack logic, etc.). When analyzing the position and content of the site and anticipating possible problems, it is important to treat your own web resource as a collection of objects requiring special attention and, on that basis, define the system of prohibition and permission rules that makes up a correct .htaccess file.
It is important to balance the interests of the main party (the visitor) with the capabilities of your own resource on the Web (the site). If the site is the face of the company, contains confidential information or is a source of income, then it is a system of objects requiring special attention.
Creating a site is the small task; keeping it functioning normally is the main one. The .htaccess file for WordPress does not have to be changed often. The system works stably and reliably, and its developers are constantly improving its protection against intruders. Still, it never hurts for the site administrator to review the protection rules and current permissions.
Redirects in standard situations
A redirect may be needed in various situations: for example, when transferring a web resource to another hosting, for SEO or correct page indexing, or to turn long links into short ones.
Redirects are most often used for server statuses 401, 403, 404 and 500. The 404 and 500 status pages are encountered most frequently, yet site owners very rarely take advantage of them or use the ability to redirect to a properly prepared page with thoughtful content.
A “page not found”, “authorization error”, “server failure” or other server status is no reason to put up a stop sign or announce a “server problem”; it is more useful to take the user to a working page so that they can carry on.
Here the .htaccess file for WordPress acts as a buffer that covers the problem that arose on the site. The visitor does not have to be taken to another page of the same site; you can send them to a page on another resource and generate a message to the administrator about the problem.
In all situations, it is important to give visitors what they need when they use the site for its intended purpose, and to block any illegal actions by an attacker, hacking attempts or theft of content.
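The status handling described above maps onto Apache's ErrorDocument directive. This is an added example, not configuration from the original article; the /errors/ paths, the report.php script and the status.example.org host are placeholders.

```apache
# Root .htaccess: prepared responses for the four statuses named above.
# Requires "AllowOverride FileInfo" (or All) in the main Apache configuration.

# A local path (starting with "/") is served in place: the visitor sees the
# prepared page and the client still receives the original status code.
ErrorDocument 403 /errors/forbidden.html
ErrorDocument 404 /errors/not-found.html

# 401 must always be a local path. With an external URL the browser never
# receives the 401 challenge and cannot prompt for credentials.
ErrorDocument 401 /errors/login-required.html

# Pointing a status at a script (hypothetical /errors/report.php) lets the
# handler notify the administrator. Apache passes the original status and
# requested URL to it in REDIRECT_STATUS and REDIRECT_URL.
ErrorDocument 500 /errors/report.php

# A full URL takes the visitor to a page on another resource instead.
# Apache then answers with a redirect, so the client and search engines no
# longer see the 404 itself. Only one handler per status can be active:
# ErrorDocument 404 https://status.example.org/missing.html
```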
Site Content Caching
Bulky content, images, text or whole pages can be generated once rather than transmitted to the client (browser) with every new request. The .htaccess file for WordPress can help ensure that only updated elements are generated and sent to the visitor’s browser.
Caching speeds up access to the site, but does not optimize it. When applying caching rules, you need to be completely confident that they are correct and precisely targeted.
It is better to lose a few seconds of load time and blame the slowness of the engine or server delays than to serve the visitor stale content.
Website optimization and caching options are best provided for in the site code. A correct .htaccess for WordPress should not concern itself with the content of the site or affect how the content of each page is generated.
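One way to cache static files without risking stale pages, as an added example that is not part of the original article. The lifetimes are assumptions chosen for illustration and should be matched to how often the site's assets actually change.

```apache
# Root .htaccess: browser caching limited to static assets.
# Needs mod_expires enabled by the host and AllowOverride Indexes (or All).
<IfModule mod_expires.c>
    ExpiresActive On

    # Anything not listed below expires immediately, so a forgotten
    # content type can never be served stale.
    ExpiresDefault "access plus 0 seconds"

    # Pages generated by WordPress change whenever content is edited:
    # the browser must ask the server again on every visit.
    ExpiresByType text/html "access plus 0 seconds"

    # Images rarely change once uploaded (assumed lifetime: one month).
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/png  "access plus 1 month"
    ExpiresByType image/gif  "access plus 1 month"
    ExpiresByType image/webp "access plus 1 month"

    # Styles and scripts change with theme and plugin updates
    # (assumed lifetime: one week). Both JavaScript types are listed
    # because servers differ in which one they send for .js files.
    ExpiresByType text/css               "access plus 1 week"
    ExpiresByType application/javascript "access plus 1 week"
    ExpiresByType text/javascript        "access plus 1 week"
</IfModule>
```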
Caching is a “relic of the past”, relevant for large amounts of information, data migration, analytical processes, etc.
A site combined with AJAX technology updates individual page elements. Reloading whole pages is not acceptable. A visitor who comes to the site does not need to be put through a motley succession of pages. One page is enough, with content and functionality that change as necessary.
General rules for combining .htaccess and site
A web resource relates to .htaccess as a building does to its foundation. The only difference is that here the foundation can be changed quickly: the site can be moved to another hosting.
A WordPress site does not lose much by having a redirect set up in .htaccess. But you can also record everything in a notebook or file and then redo it using the tools of the site management system or the facilities of the new hosting.
Organizing caching or prohibition / permission rules using .htaccess is also a practical task, but on a new hosting all this can be done automatically. A reasonable combination of .htaccess and WordPress is one where each is responsible for its own part.
A web resource should be a fully functional product that works fully automatically on any hosting.
Step-by-step instructions for using .htaccess
If the hosting option is settled and you will be working with a web server on the Linux platform, you should carefully read the Apache web server configuration guide and get permission from the hosting provider to configure the settings yourself in the .htaccess files that will be located in various folders on the site.
The general procedure for creating a WordPress .htaccess (for https you will also need an SSL certificate) is as follows:
- Get a general idea of the rules and their syntax from official sources (Apache).
- Systematize the protection requirements: the ban on reading and accessing .htaccess, wp-config.php and the wp-content folder is unambiguous; the remaining files and folders on the site are handled according to their purpose and level of confidentiality.
- Provide for a WordPress 301 redirect in .htaccess for the time of transferring the site to another hosting or for the duration of maintenance work.
- Record all completed actions on paper. It is not advisable to store important information on configuring .htaccess electronically.
At any given time, the administrator of a web resource hosted on the Apache web server must know exactly what .htaccess is responsible for and what is left to the WordPress CMS.
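The protection and redirect steps above, together with the inheritance between the root file and a folder-level file described earlier, as an added example that is not configuration from the original article. The host names are placeholders, and narrowing the wp-content ban to PHP files is an assumption made here so that theme assets and uploads stay reachable.

```apache
# ---- /.htaccess (site root, applies to the whole site) -----------------
# Requires Apache 2.4 and an AllowOverride setting that permits these rules.

# Refuse web access to every .ht* file (.htaccess, .htpasswd).
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# Refuse web access to the WordPress configuration file. PHP still reads
# it from disk; only HTTP requests for it are rejected.
<Files "wp-config.php">
    Require all denied
</Files>

# 301 redirect while the site lives on another hosting. The host condition
# keeps the rule from looping when the same file is copied to the new host.
# Browsers remember a 301, so expect some clients to keep following it
# after the rule is removed.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^(www\.)?old\.example\.org$ [NC]
    RewriteRule ^(.*)$ https://new.example.org/$1 [R=301,L]
</IfModule>

# BEGIN WordPress
# (this block is rewritten by WordPress; keep your own rules outside it)
# END WordPress

# ---- /wp-content/.htaccess (separate file, adds to the rules above) ----
# Assumption: a blanket ban on wp-content would also block stylesheets,
# images and uploads, so only direct requests for PHP files are refused.
# Check first that no installed plugin relies on such requests.
<FilesMatch "\.php$">
    Require all denied
</FilesMatch>
```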
Own server or external hosting
Before acquiring an SSL certificate for secure sites (https), you should check whether your own hosting provider can supply it. Before settling on a specific external hosting, you should evaluate the possibility of using your own server. If there is such an opportunity, then you should choose the optimal Linux system and build your own web server.
Choosing your own Linux platform is the ideal foundation for any site. A good understanding of how to configure httpd.conf and .htaccess is important and necessary.
Setting up a web server and .htaccess is within reach even of a beginner. It is worth spending one or two weeks on it: your own hosting will let you not only host a working site but also create an environment for developing numerous web resources, with full control over access rights and no oversight from any hosting provider.
Dynamic redirect
A professional site should not depend on the hosting on which it is hosted. The WordPress content management system offers simple installation and comfortable use when creating and maintaining a site.
Situations in which the site has to be taken down for “repair”, for updating or maintenance, are determined by the field of application, not by the site or the CMS. Still, a WordPress web resource needs a redirect (301) provided for in .htaccess. A site that works and suits everyone is the ideal option, but it is always better to play it safe.
A site that has a duplicate which is kept updated to the level of the current original at all times is excellent protection against hacking, an unexpected power failure or a server outage for any other reason.
Having your own hosting is advisable even when your site is hosted with the prestigious Beget. Nothing prevents you from keeping the working site on Beget and a copy on your own server. Instantly setting up a redirect (301) in .htaccess in WordPress is not a problem, and visitors will not even notice that an "electronic" disaster actually occurred.