5 .htaccess Hacks That Increase WordPress Speed & Security

wordpess-htaccess-hacksDid you notice how fast this site is?

I’ve been experimenting with the .htaccess file on my wordpress blogs and I think I finally found a few hacks that really work.

The site is loading much faster than before, which is great because Google loves quick sites – and important landing pages can get visitors to convert quicker, too.

Added to that, these hacks make your wordpress site safe and secure. Who wouldn’t want to be protected from the evil hackers of the digital world?

I know I do.

So, below you’ll find 5 htaccess hacks you can add to your htaccess file today and experience the same increase in performance and protection.

It only take 10 seconds to copy and paste the codes. But first …

Where Can I Find my .htaccess File?

The first thing you need to do is download the filezilla FTP client. You can download it free here.

When you install it, log into you web server to view all of your domains and files. By default, you won’t be able to see the .htaccess file in the root of your domains because they’re hidden.

You’ll need to tell FileZilla to show you hidden files. Just click on [Server] then [Force Showing Hidden Files] and it’ll show up. Here’s a screenshot:


Now simply drag the .htaccess file to your desktop, and open it with notepad. If you don’t see an .htaccess file in the root directory, then that’s okay too. You’ll just need to create one, instead of editing the one you have.

To create one, open up Notepad, copy and paste the codes I’m going to be showing you and save the file as code.txt – then simply rename the file to .htaccess and you’re done.

5 Hacks That Improve WordPress

1. Protect the .htaccess file itself

The first code helps protect the .htacces file itself. You wouldn’t want anyone having access to that. Along with that code you also get code to disable directory browsing and disallow access to anyone not authorized to view them.

2. Use Browser Caching

The next code enables browser caching. This significantly improves website speed and performance. I’m sure there are plugins that do this, but this code is site wide. Even pages NOT created with wordpress will be cached and fed faster.

3. Protect the wpconfig.php file

There’s also code to protect the wpconfig.php file. Another very important file you don’t want the evil digital hackers to gain access to.

4. Eliminate Spam Bot Comments

Even with Akismet you can still get hundreds of spam comments. This code helps eliminate the ones that get through. It has helped a lot on my site.

IMPORTANT: Be sure to change ‘YOURDOMAIN.COM’ with your own domain, or else it won’t work.

5. Compress Static Data

Again, performance and speed are two important factors that shouldn’t be ignored. By compressing static data, you can save bandwidth and make your website lighter; which in turn makes your pages load faster.

Action Step:

Open up your .htacess file with Notepad and add (copy and paste) this code to the top. Then save the file and upload it to your root domain. Make sure to save it over the existing .htaccess file.

# protect the htaccess file
<files .htaccess>
order allow,deny
deny from all

# disable directory browsing
Options All -Indexes

#who has access who doesnt
order allow,deny
#deny from
allow from all

<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg “access 1 year”
ExpiresByType image/jpeg “access 1 year”
ExpiresByType image/gif “access 1 year”
ExpiresByType image/png “access 1 year”
ExpiresByType text/css “access 1 month”
ExpiresByType application/pdf “access 1 month”
ExpiresByType text/x-javascript “access 1 month”
ExpiresByType application/x-shockwave-flash “access 1 month”
ExpiresByType image/x-icon “access 1 year”
ExpiresDefault “access 2 days”

# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all

RewriteEngine On
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourdomain.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml 
application/xhtml+xml text/javascript text/css application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html

That’s it. You’re done. That was easy, wasn’t it? Let me know how this improves your website performance. Leave it in the comments.

p.s. don’t forget to check out my 8-part inbound marketing course if you haven’t already.

build your audience guide


  1. says

    Great post, love the benefits this “hack” will offer. Worth noting for the non-technical folks out there (like me), that it’s always a good precaution to store a copy of your original file before making any changes. That way should things not go as planed, it’s an easy one-step process to get back to where you were before.

  2. Dave says


    I was watching a youtube video talking about this subject of protecting the .htaccess file.
    I noticed in the video that he put the same “” thing at the start and at the end of the code.
    Like this:
    order allow,deny
    deny from all

    Do you have to put the same “” at the start and at the end of the other commands as well?
    Like: <files Options All -Indexes ?

Leave a Reply

Your email address will not be published.