The .htaccess file is a configuration file and is how Apache handles configuration changes on a per-directory basis. When a .htaccess file is stored in a directory, which is in turn ‘loaded via the Apache Web Server.’ Then the .htaccess File is detected and executed by the Apache Web Server software. Your .htaccess file is located in the root directory of your WordPress installation also known as “public_html” folder. If your Website Hosted on NGINX or LightSpeed Server, you will not have a .htaccess file. It will be something else. Ask your hosting provider.
These .htaccess files can enable & disable additional features and functionalities that the Apache Web Server software offers. These tools include basic redirect functionality. For example, if a file has not found (an 404 error) or more advanced functions such as content password protection or image hotlink restriction.
There are a lot of things you can do with the .htaccess File. You can do the following things with your WordPress website by just adding the following piece of code.
Please Note .htaccess file is the heart of your WordPress website so take its Backup before making any changes.
1) Disable AllowOverride
# increase performance by disabling AllowOverride
AllowOverride None
2) Enable Browser Caching
## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 year"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 2 days"
</IfModule>
3) Pass The Character Set
# pass the default character set
AddDefaultCharset utf-8
4) Preserve Bandwidth
# preserve bandwidth for PHP enabled servers
<ifmodule mod_php4.c>
php_value zlib.output_compression 16386
</ifmodule>
Using .htaccess File You can Protect your WordPress Website Security. Use the following code in your .htaccess File to protect your WordPress Website.
5) Disable Directory Browsing
Options -Indexes
6) Protect WordPress Configuration wp-config.php File
<files wp-config.php>
order allow,deny
deny from all
</files>
7) Ban Suspicious IP Addresses
<Limit GET POST>
order allow,deny
deny from xxx.xxx.xx.x
allow from all
</Limit>
8) Disable Image Hotlinking in WordPress Using .htaccess
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourotherwebsite.com [NC]RewriteRule \.(jpg|jpeg|png|gif)$ http://i.imgur.com/g7ptdBB.png [NC,R,L]
