Rate my .htaccess code


I use this code for my .htaccess file on pretty much all of my (custom WordPress themed) builds. I’m curious if anyone has anything better in terms of performance and security. I’m open to any feedback.

```apache
<Files xmlrpc.php>
Order Allow,Deny
Deny from all
</Files>

<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options "nosniff"
Header always append X-Frame-Options "SAMEORIGIN"
Header set Referrer-Policy "no-referrer-when-downgrade"
Header set Content-Security-Policy "default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; object-src 'self'; font-src https: data: 'self' http: fonts.googleapis.com themes.googleusercontent.com; connect-src https: wss: 'self'; img-src https: data: 'self' http: *.gravatar.com; worker-src blob: https: 'self' 'unsafe-inline' 'unsafe-eval'; media-src https: blob: 'self'; style-src https: 'unsafe-eval' 'unsafe-inline' 'self' http: fonts.googleapis.com"
Header always set Permissions-Policy "accelerometer=(), autoplay=(), camera=(), encrypted-media=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), sync-xhr=(), usb=()"
</IfModule>

# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

## EXPIRES CACHING ##
<IfModule mod_expires.c>
FileETag MTime Size
AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript
ExpiresActive On
ExpiresByType text/html "access 600 seconds"
ExpiresByType application/xhtml+xml "access 600 seconds"
ExpiresByType text/css "access 1 month"
ExpiresByType text/javascript "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/javascript "access 1 month"
ExpiresByType application/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresDefault "access 1 month"
</IfModule>
## EXPIRES CACHING ##

# BEGIN GZIP COMPRESSION
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
# END GZIP COMPRESSION

# BEGIN DEFLATE COMPRESSION
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE "application/atom+xml" \
"application/javascript" \
"application/json" \
"application/ld+json" \
"application/manifest+json" \
"application/rdf+xml" \
"application/rss+xml" \
"application/schema+json" \
"application/vnd.geo+json" \
"application/vnd.ms-fontobject" \
"application/x-font-ttf" \
"application/x-javascript" \
"application/x-web-app-manifest+json" \
"application/xhtml+xml" \
"application/xml" \
"font/eot" \
"font/opentype" \
"image/bmp" \
"image/svg+xml" \
"image/vnd.microsoft.icon" \
"image/x-icon" \
"text/cache-manifest" \
"text/css" \
"text/html" \
"text/javascript" \
"text/plain" \
"text/vcard" \
"text/vnd.rim.location.xloc" \
"text/vtt" \
"text/x-component" \
"text/x-cross-domain-policy" \
"text/xml"
</IfModule>
# END DEFLATE COMPRESSION

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php81” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php81 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
```
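An added example, not part of the original post: a short Python check that parses the Content-Security-Policy value from the config above and reports which source expressions end up governing scripts. The function names are hypothetical, and `POSTED_CSP` is the post's policy retyped with straight quotes.

```python
# Added example: lint the Content-Security-Policy value from the posted .htaccess.
# Function names are hypothetical; POSTED_CSP is the post's policy with straight quotes.

POSTED_CSP = (
    "default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; object-src 'self'; "
    "font-src https: data: 'self' http: fonts.googleapis.com themes.googleusercontent.com; "
    "connect-src https: wss: 'self'; img-src https: data: 'self' http: *.gravatar.com; "
    "worker-src blob: https: 'self' 'unsafe-inline' 'unsafe-eval'; "
    "media-src https: blob: 'self'; "
    "style-src https: 'unsafe-eval' 'unsafe-inline' 'self' http: fonts.googleapis.com"
)

# Source expressions that remove most of the protection a script directive gives.
WEAK = {
    "'unsafe-inline'": "inline code is allowed",
    "'unsafe-eval'": "string-to-code evaluation is allowed",
    "http:": "any cleartext origin is allowed",
    "https:": "any HTTPS origin is allowed",
    "*": "any origin is allowed",
}

def parse_csp(policy):
    """Split a CSP header value into {directive: [source, ...]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers; the first one wins.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def effective_sources(directives, name):
    """A fetch directive that is absent falls back to default-src."""
    return directives.get(name, directives.get("default-src", []))

def lint(policy, names=("script-src", "object-src")):
    """Return sorted (directive, source, reason) findings for the named directives."""
    directives = parse_csp(policy)
    findings = []
    for name in names:
        for src in effective_sources(directives, name):
            if src in WEAK:
                findings.append((name, src, WEAK[src]))
    return sorted(findings)

if __name__ == "__main__":
    for name, src, reason in lint(POSTED_CSP):
        print(f"{name}: {src} -> {reason}")
```

The posted policy has no `script-src`, so scripts are governed by `default-src`, and every finding comes from that fallback.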

1 Comment
  1. I can’t critique it too much but what’s the thinking behind it and the benefits over the default .htaccess?

    The only customisation I do really is to plug the xmlrpc vulnerability.

 
