htaccess file clean up

my htaccess file is not tuned
I needed to add some code for my catching and saw that my previous code of multisite, hummingird and defender was different.

## BEGIN WORDPRESS
##<IfModule mod_rewrite.c>
#RewriteEngine On
#RewriteBase /
#RewriteRule ^index\.php$ - [L]
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule . /index.php [L]
#</IfModule>
## END WORDPRESS ##
## BEGIN NETWORK SETUP ##
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
## END NETWORK SETUP ##
# BEGIN WP-HUMMINGBIRD-CACHING
# END WP-HUMMINGBIRD-CACHING
## WP Defender - Prevent information disclosure
##<FilesMatch "\.(txt|md|exe|sh|bak|inc|pot|po|mo|log|sql)$">
Order allow,deny
Deny from all
</FilesMatch>
## WP Defender - End ##

How should I tune it?

  • Adam Czajczyk

    Hello Renaat,

    I hope you're well today and thank you for your question!

    The ".htaccess" that you posted indeed doesn't look proper. First of all, it includes two set of rules where first one is for standard single WordPress install and the second one is for Multisite.

    Is your site a Multisite network and if so is it sub-domain or sub-folder based?

    I would start with reverting .htaccess to default one. You will find default rules on this page:

    https://codex.wordpress.org/htaccess

    Use only one of three codes provided there. First one (under "Basic WP") is for standard (single) Wordpress install. Then, under the "Multisite" section you got a "subfolder example" and a "subdomain exmple" so use the one please that matches your site setting:

    - if you sub-sites are like "subsite.domain.com" use a "subdomain example" code
    - if they are like "domain.com/subsite" use a "subfolder example"

    Make sure that you actually replaced your existing .htaccess content with one of those instead of adding to it.

    This should give you a good start: a default,j proper .htacces. Then I would suggest going to "Hummingbird -> GZIP compression" and "Hummingbird -> Browser caching" pages and letting Hummingbird enable those features automatically. It should be able to add necessary codes itself.

    The same applies to Defender fixes, let plugin do this.

    In case it didn't help, let me know please and I'll assist you further.

    Best regards,
    Adam

  • Avatar

    Thanks Adam
    Starting with a blank .htaccess file gave my multisite subdomain install the necessary improvements.
    I copied the mentioned wp code

    About Hummingbird
    - my website host have a server side caching connected with their wp plugin. Should I still use the hummingbird cach?
    - my website host gave me .htaccess instructions to enable GZIP, should I still use hummingbird Gzip settings?
    - Since I am running on a shared server, do I not know how to turn them on. I can not set my personal NGINX settings

    About Defender
    Same NGINX settings, so I guess I have to ingnore the "prevent information disclosure" settings.

  • Dimitris

    Hey there Renaat,

    hope you're doing good and don't mind me chiming in! :slight_smile:

    my website host have a server side caching connected with their wp plugin. Should I still use the hummingbird cach?

    This shouldn't any issue actually. In case browser caching were already enabled in your server then you should be able to see its status in HummingBird -> Browser caching page under the "current" column.

    my website host gave me .htaccess instructions to enable GZIP, should I still use hummingbird Gzip settings?

    There shouldn't be much differences between these two I suppose. You can try inserting the ones from your host and then check the "status" column in HummingBird -> GZIP page. If those aren't set as "enabled", then try to remove previous code and use HB's instead.

    Since I am running on a shared server, do I not know how to turn them on. I can not set my personal NGINX settings

    Unfortunately this should be set from your hosting provider I'm afraid. Have you tried asking them to apply this one for you? And if it's possible at all?

    About Defender
    Same NGINX settings, so I guess I have to ingnore the "prevent information disclosure" settings.

    You can ignore that for now, as this also resolves to my previous statement about your hosting architecture.

    Warm regards,
    Dimitris

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.