zartgesotten
6/28/2018 - 2:32 PM

htaccess performance wordpress speed caching and security default

<IfModule mod_expires.c>
# Browser-cache lifetimes per media type. Only evaluated when mod_expires is
# loaded; ExpiresDefault applies to every type that has no ExpiresByType line.
# NOTE(review): a second mod_expires block further down in this file sets
# different lifetimes for several of the same types (for example
# application/json and text/css). The later declaration is expected to win,
# so confirm which value is intended.
ExpiresActive on
ExpiresDefault                                      "access plus 1 month"

# CSS
ExpiresByType text/css                              "access plus 2 days"

# Data interchange
ExpiresByType application/atom+xml                  "access plus 1 hour"
ExpiresByType application/rdf+xml                   "access plus 1 hour"
ExpiresByType application/rss+xml                   "access plus 1 hour"

# API-style payloads are not cached at all.
ExpiresByType application/json                      "access plus 0 seconds"
ExpiresByType application/ld+json                   "access plus 0 seconds"
ExpiresByType application/schema+json               "access plus 0 seconds"
ExpiresByType application/vnd.geo+json              "access plus 0 seconds"
ExpiresByType application/xml                       "access plus 0 seconds"
ExpiresByType text/xml                              "access plus 0 seconds"

# Favicon (cannot be renamed!) and cursor images
ExpiresByType image/vnd.microsoft.icon              "access plus 1 week"
ExpiresByType image/x-icon                          "access plus 1 week"

# HTML - keeps the page in the cache for one hour; new content is only shown
# once that hour has elapsed. If this is not wanted, replace 3600 with 0.
# NOTE(review): this lifetime is applied by media type, so it also covers
# dynamically generated pages unless the application sends its own Expires
# header. Confirm that logged-in or personalised pages are not affected.
ExpiresByType text/html                             "access plus 3600 seconds"

# JavaScript
ExpiresByType application/javascript                "access plus 1 year"
ExpiresByType application/x-javascript              "access plus 1 year"
ExpiresByType text/javascript                       "access plus 1 year"

# Manifest files
ExpiresByType application/manifest+json             "access plus 1 week"
ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
ExpiresByType text/cache-manifest                   "access plus 0 seconds"

# Media files
ExpiresByType audio/ogg                             "access plus 1 month"
ExpiresByType image/bmp                             "access plus 1 month"
ExpiresByType image/gif                             "access plus 1 month"
ExpiresByType image/jpeg                            "access plus 1 month"
ExpiresByType image/png                             "access plus 1 month"
ExpiresByType image/svg+xml                         "access plus 1 month"
ExpiresByType image/webp                            "access plus 1 month"
ExpiresByType video/mp4                             "access plus 1 month"
ExpiresByType video/ogg                             "access plus 1 month"
ExpiresByType video/webm                            "access plus 1 month"

# Web fonts

# Embedded OpenType (EOT)
ExpiresByType application/vnd.ms-fontobject         "access plus 1 month"
ExpiresByType font/eot                              "access plus 1 month"

# OpenType
ExpiresByType font/opentype                         "access plus 1 month"

# TrueType
ExpiresByType application/x-font-ttf                "access plus 1 month"

# Web Open Font Format (WOFF) 1.0
ExpiresByType application/font-woff                 "access plus 1 month"
ExpiresByType application/x-font-woff               "access plus 1 month"
ExpiresByType font/woff                             "access plus 1 month"

# Web Open Font Format (WOFF) 2.0
ExpiresByType application/font-woff2                "access plus 1 month"

# Other
ExpiresByType text/x-cross-domain-policy            "access plus 1 week"
</IfModule>

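<IfModule mod_deflate.c>
# Compress text-based responses (text, HTML, JavaScript, CSS, XML, JSON, fonts).
# NOTE(review): compressing HTTPS responses that contain secrets (for example
# CSRF tokens) next to request-controlled data is the precondition for
# BREACH-style compression side channels. Confirm that compressing dynamic
# HTML/JSON is acceptable here, or restrict compression to static assets.
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/vtt
AddOutputFilterByType DEFLATE text/x-component
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/js
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/atom+xml
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE application/ld+json
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/font-woff2
AddOutputFilterByType DEFLATE application/x-font-woff
AddOutputFilterByType DEFLATE application/x-web-app-manifest+json font/woff
AddOutputFilterByType DEFLATE font/woff
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon

# Exception: image URLs are never compressed and get no Vary header.
# NOTE(review): .svg is excluded here although image/svg+xml is listed above,
# so that DEFLATE entry has no effect on *.svg requests. Confirm the intent.
SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png|svg)$ no-gzip dont-vary

# Legacy browsers with broken gzip handling
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

# Make sure proxies don't deliver the wrong content.
# "Header" belongs to mod_headers, so it is guarded separately: without the
# guard, a server that has mod_deflate but not mod_headers rejects the whole
# .htaccess file with a 500 error.
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
</IfModule>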

# Alternative caching using Apache's "mod_headers", if it's installed.
# Caching of common files - ENABLED
# max-age=2592000 is 30 days; "public" allows shared caches (proxies, CDNs)
# to store the response as well as the browser.
# NOTE(review): the list includes pdf and txt. If any such file is only meant
# for authenticated users, "public" is the wrong directive for it. Confirm.
# NOTE(review): this may replace the Cache-Control value that mod_expires
# produces for the same files. Confirm which lifetime is intended.
<IfModule mod_headers.c>
<FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|txt)$">
Header set Cache-Control "max-age=2592000, public"
</FilesMatch>
</IfModule>

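# Tell caches that the stored variant depends on the Accept-Encoding request
# header, so that a compressed copy is not served to a client that cannot
# decode it. "merge" adds the value only if it is not already present; other
# sections of this file touch Vary for the same files, and "append" would
# produce duplicate entries.
<IfModule mod_headers.c>
<FilesMatch "\.(js|css|xml|gz)$">
Header merge Vary Accept-Encoding
</FilesMatch>
</IfModule>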

# Set Keep Alive Header
# NOTE(review): Connection is a hop-by-hop header. Whether connections are
# actually kept open is decided by the server's KeepAlive setting, not by
# sending this header. Confirm that this block is still needed.
<IfModule mod_headers.c>
Header set Connection keep-alive
</IfModule>

# If your server doesn't support ETags, deactivate them with "None" (and
# remove the header).
# Both directives sit inside the mod_expires guard, so ETags are only disabled
# when mod_expires is loaded; removing the header additionally needs
# mod_headers. Without ETags, revalidation relies on Last-Modified.
<IfModule mod_expires.c>
<IfModule mod_headers.c>
Header unset ETag
</IfModule>
FileETag None
</IfModule>

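# Mark compressible static files as varying by Accept-Encoding.
# The leading dot is escaped so the pattern matches a real file extension
# (the unescaped form also matched names such as "foojs"). "merge" avoids
# adding a second "Accept-Encoding" entry when another section of this file
# already set it.
<IfModule mod_headers.c>
<FilesMatch "\.(js|css|xml|gz|html|woff|woff2|ttf)$">
Header merge Vary Accept-Encoding
</FilesMatch>
</IfModule>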

# Beispiel-Codeschnipsel für die WordPress-htaccess-Datei
# https://www.wp-sicherheit.info
# Marc Nilius, info@wp-sicherheit.info

# Mit Material von Zodiac1978, siehe auch https://gist.github.com/Zodiac1978/d25a8f3aebba7cd1c01c

#
# Diese Codeschnipsel gehören in die .htaccess-Datei im Hauptverzeichnis von WordPress
# Jeder einzelne Bestandteil kann einzeln kopiert und genutzt werden.
# Bitte die Verwendungshinweise (Kommentare) an jedem Schnipsel beachten
#

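# Prevent Full Path Disclosure (FPD): do not print PHP errors, which contain
# absolute file-system paths, into responses.
# php_flag is only understood when PHP runs as an Apache module, and the
# module identifier differs per PHP major version, so each one is guarded
# separately. Only the block for the loaded module takes effect.
# NOTE: with PHP-FPM or CGI none of these blocks apply and nothing is changed.
# Set display_errors = Off in php.ini or .user.ini instead. A WordPress debug
# setting in wp-config.php can also switch error display back on at runtime.

# PHP 5
<IfModule mod_php5.c>
php_flag display_errors Off
</IfModule>

# PHP 7
<IfModule mod_php7.c>
php_flag display_errors Off
</IfModule>

# PHP 8 and later
<IfModule mod_php.c>
php_flag display_errors Off
</IfModule>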

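# Prevent directory listings
# Options All -Indexes
# NOTE: Apache 2.4 rejects a mix of prefixed and unprefixed options, and "All"
# also switches on ExecCGI and Includes. "Options -Indexes" on its own is
# enough to disable listings.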

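# Deny access to temporary files, backups and other files that should never
# be served (editor backups ending in "~", dumps, logs, configs, ...).
# Both access-control syntaxes are provided: Apache 2.4 uses mod_authz_core
# ("Require"), while "Order/Deny" only works on 2.4 if mod_access_compat is
# loaded and otherwise makes the whole .htaccess fail with a 500 error.
<FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist|txt)|~)$">
# Apache 2.4+
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
# Apache 2.2 and older
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
Satisfy All
</IfModule>
</FilesMatch>

# Allow access to robots.txt again
# (the rule above blocks every .txt file, so it was excluded as well).
# This section must stay below the FilesMatch block so that it overrides it,
# and it must use the same access-control syntax as that block.
<Files robots.txt>
# Apache 2.4+
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
# Apache 2.2 and older
<IfModule !mod_authz_core.c>
Order allow,deny
Allow from all
</IfModule>
</Files>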

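# Deny access to .htaccess and .htpasswd (any file whose name starts with
# ".ht" or "_ht"); these files hold access rules and password hashes.
# "Require" is used on Apache 2.4, where "Order/Deny" depends on the optional
# mod_access_compat module. The old syntax is kept for Apache 2.2.
<Files ~ "^[\._]ht">
# Apache 2.4+
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
# Apache 2.2 and older
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
Satisfy All
</IfModule>
</Files>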

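# Deny access to WordPress files that expose credentials or version details.
# The dots are escaped so they match a literal "." only. The pattern is
# deliberately left unanchored: a leftover copy such as "wp-config.php.old"
# is still matched and stays blocked.
# "Require" is used on Apache 2.4, where "Order/Deny" depends on the optional
# mod_access_compat module. The old syntax is kept for Apache 2.2.
<FilesMatch "(wp-config\.php|wp-config-sample\.php|liesmich\.html|readme\.html)">
# Apache 2.4+
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
# Apache 2.2 and older
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
Satisfy All
</IfModule>
</FilesMatch>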

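# Deny access to install.php.
# Comment this block out to run the WordPress installation, and re-enable it
# afterwards. <Files> matches by file name only, so every file called
# install.php below this directory is covered, not just the WordPress one.
# "Require" is used on Apache 2.4, where "Order/Deny" depends on the optional
# mod_access_compat module. The old syntax is kept for Apache 2.2.
<Files install.php>
# Apache 2.4+
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
# Apache 2.2 and older
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
Satisfy All
</IfModule>
</Files>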

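# Deny access to the XML-RPC interface.
# Only enable this block if the XML-RPC interface is not needed; clients and
# plugins that rely on it stop working once it is blocked.
# "Require" is used on Apache 2.4, where "Order/Deny" depends on the optional
# mod_access_compat module. The old syntax is kept for Apache 2.2.
<Files xmlrpc.php>
# Apache 2.4+
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
# Apache 2.2 and older
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
</IfModule>
</Files>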

# Block direct requests to include files
# Caution when using this in multisite environments!
# See: http://codex.wordpress.org/Hardening_WordPress#Securing_wp-admin
<IfModule mod_rewrite.c>
RewriteEngine On
# RewriteBase may have to be adjusted, depending on the server configuration
RewriteBase /
# Refuse (403) everything below wp-admin/includes/
RewriteRule ^wp-admin/includes/ - [F,L]
# Requests outside wp-includes/ skip the next three rules
RewriteRule !^wp-includes/ - [S=3]
# The condition applies only to the rule directly below it: PHP files at the
# top level of wp-includes/ are refused, except ms-files.php
RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
# Refuse PHP files in the TinyMCE language directory
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
# Refuse everything below wp-includes/theme-compat/
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# Remove response headers that carry version information
# NOTE(review): the Server header is generally added by Apache after
# mod_headers has run, so "Header unset SERVER" usually has no effect from
# .htaccess. Its content is controlled by ServerTokens in the main server
# configuration.
# Removing these headers only reduces fingerprinting. It does not replace
# keeping WordPress, PHP and Apache patched.
<IfModule mod_headers.c>
Header unset X-Powered-By
Header unset X-Pingback
Header unset SERVER
</IfModule>

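# Prevent PHP execution in the uploads directory
# Matching files are handed to a handler name that does not execute code, so
# an uploaded script is not run by the PHP interpreter.
# Changes from the plain ".+.php" pattern:
#  - the dot before the extension is escaped, so it matches a real extension;
#  - [NC] makes the match case-insensitive, because extension-to-handler
#    mapping on the server can be case-insensitive while the rule was not;
#  - other extensions that servers commonly map to PHP are covered too.
# NOTE(review): which extensions are executed depends on the server's handler
# configuration. Verify the result with a harmless test file in the uploads
# directory, especially when PHP runs through FPM/FastCGI.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^(wp-content/uploads/.+\.(?:php[0-9]?|phtml|phar))$ $1 [H=text/plain,NC]
</IfModule>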
<IfModule mod_deflate.c>
    # Second compression list: the same DEFLATE filter registrations, grouped
    # by media-type family with several types per directive. Types that were
    # listed twice are registered once.

    # text/*
    AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css
    AddOutputFilterByType DEFLATE text/cache-manifest text/javascript text/vcard
    AddOutputFilterByType DEFLATE text/vnd.rim.location.xloc text/vtt
    AddOutputFilterByType DEFLATE text/x-component text/x-cross-domain-policy

    # application/* (markup, feeds, scripts, JSON)
    AddOutputFilterByType DEFLATE application/xml application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml application/atom+xml application/rdf+xml
    AddOutputFilterByType DEFLATE application/javascript application/x-javascript
    AddOutputFilterByType DEFLATE application/json application/ld+json
    AddOutputFilterByType DEFLATE application/schema+json application/vnd.geo+json
    AddOutputFilterByType DEFLATE application/manifest+json application/x-web-app-manifest+json

    # Fonts
    AddOutputFilterByType DEFLATE application/vnd.ms-fontobject application/x-font-ttf
    AddOutputFilterByType DEFLATE font/eot font/opentype

    # Uncompressed or text-based image formats
    AddOutputFilterByType DEFLATE image/bmp image/svg+xml
    AddOutputFilterByType DEFLATE image/vnd.microsoft.icon image/x-icon
</IfModule>
<IfModule mod_expires.c>
    # Second set of cache lifetimes, in the short form "A<seconds>" (seconds
    # counted from the time of access):
    #   A3600     = 1 hour      A2419200  = 28 days
    #   A14515200 = 168 days    A31104000 = 360 days
    # NOTE(review): this block re-declares types that the first mod_expires
    # block in this file already sets, with different values. The later
    # declaration is expected to win, so confirm which value is intended.
    ExpiresActive On
    ExpiresByType text/css A2419200
    ExpiresByType text/x-component A2419200
    ExpiresByType application/x-javascript A2419200
    ExpiresByType application/javascript A14515200
    ExpiresByType text/javascript A14515200
    ExpiresByType text/x-js A2419200
    ExpiresByType text/html A3600
    ExpiresByType text/richtext A3600
    # NOTE(review): image/svg+xml is set again further down (A31104000), so
    # this one-hour value is not the one that ends up applied.
    ExpiresByType image/svg+xml A3600
    ExpiresByType text/plain A3600
    ExpiresByType text/xsd A3600
    ExpiresByType text/xsl A3600
    ExpiresByType text/xml A3600
    ExpiresByType video/asf A2419200
    ExpiresByType video/avi A2419200
    ExpiresByType image/bmp A2419200
    ExpiresByType application/java A2419200
    ExpiresByType video/divx A2419200
    ExpiresByType application/msword A2419200
    ExpiresByType application/vnd.ms-fontobject A2419200
    ExpiresByType application/x-msdownload A2419200
    ExpiresByType image/gif A31104000
    ExpiresByType application/x-gzip A2419200
    ExpiresByType image/x-icon A2419200
    ExpiresByType image/jpeg A31104000
    ExpiresByType image/webp A31104000
    # NOTE(review): 28 days for JSON contradicts the "0 seconds" set for
    # application/json in the first block. API responses are usually JSON;
    # confirm that caching them this long is intended.
    ExpiresByType application/json A2419200
    ExpiresByType application/vnd.ms-access A2419200
    ExpiresByType audio/midi A2419200
    ExpiresByType video/quicktime A2419200
    ExpiresByType audio/mpeg A2419200
    ExpiresByType video/mp4 A2419200
    ExpiresByType video/mpeg A2419200
    ExpiresByType application/vnd.ms-project A2419200
    ExpiresByType application/x-font-otf A2419200
    ExpiresByType application/vnd.ms-opentype A2419200
    ExpiresByType application/vnd.oasis.opendocument.database A2419200
    ExpiresByType application/vnd.oasis.opendocument.chart A2419200
    ExpiresByType application/vnd.oasis.opendocument.formula A2419200
    ExpiresByType application/vnd.oasis.opendocument.graphics A2419200
    ExpiresByType application/vnd.oasis.opendocument.presentation A2419200
    ExpiresByType application/vnd.oasis.opendocument.spreadsheet A2419200
    ExpiresByType application/vnd.oasis.opendocument.text A2419200
    ExpiresByType audio/ogg A2419200
    ExpiresByType application/pdf A2419200
    ExpiresByType image/png A31104000
    ExpiresByType application/vnd.ms-powerpoint A2419200
    ExpiresByType audio/x-realaudio A2419200
    ExpiresByType image/svg+xml A31104000
    ExpiresByType application/x-shockwave-flash A2419200
    ExpiresByType application/x-tar A2419200
    ExpiresByType image/tiff A2419200
    ExpiresByType application/x-font-ttf A2419200
    # Repeats the application/vnd.ms-opentype line above with the same value.
    ExpiresByType application/vnd.ms-opentype A2419200
    ExpiresByType audio/wav A2419200
    ExpiresByType audio/wma A2419200
    ExpiresByType application/vnd.ms-write A2419200
    ExpiresByType application/font-woff A31104000
    ExpiresByType application/font-woff2 A31104000
    ExpiresByType application/vnd.ms-excel A2419200
    ExpiresByType application/zip A2419200
</IfModule>