Website Hosting Australia

OzySites Web Hosting

Simple .htaccess Settings to Increase Security of Most Websites

.htaccess file is located in the root directory of your website.
We will show how you can increase the security of your site with these simple parameters. The file content is for a site with WordPress hosting.

Without going into the details of this file, we can set up some entries within it to increase the security and also to set some other parameters to allow for better utilisation of your site caching.


# Disable directory browsing
Options -Indexes

# Hide the contents of directories
IndexIgnore *

# Deny access to filenames starting with dot(.)
<FilesMatch “^\.”>
Order allow,deny
Deny from all

# Deny access to these critical files
<Files ~ “error.log|wp-config.php|xmlrpc.php|php.ini|.htaccess”>
Order deny,allow
Deny from all

# BEGIN Gzip
<IfModule mod_deflate.c>
AddType x-font/woff .woff
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/vtt
AddOutputFilterByType DEFLATE text/x-component
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE application/js
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/atom+xml
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE application/ld+json
AddOutputFilterByType DEFLATE application/x-web-app-manifest+json
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE font/eot font/otf
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/woff
AddOutputFilterByType DEFLATE application/x-font-woff
AddOutputFilterByType DEFLATE application/font-woff2
AddOutputFilterByType DEFLATE image/x-icon
# End Gzip

# Begin Expires headers configuration
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault “access plus 1 month”
# Assets
ExpiresByType text/css “access plus 1 month”
ExpiresByType application/javascript “access plus 1 month”
ExpiresByType application/x-javascript “access plus 1 month”
ExpiresByType text/javascript “access plus 1 month”
# Media assets
ExpiresByType audio/ogg “access plus 1 year”
ExpiresByType image/bmp “access plus 1 year”
ExpiresByType image/gif “access plus 1 year”
ExpiresByType image/jpeg “access plus 1 year”
ExpiresByType image/png “access plus 1 year”
ExpiresByType image/svg+xml “access plus 1 year”
ExpiresByType image/webp “access plus 1 year”
ExpiresByType video/mp4 “access plus 1 year”
ExpiresByType video/ogg “access plus 1 year”
ExpiresByType video/webm “access plus 1 year”
# Font assets
ExpiresByType application/vnd.ms-fontobject “access plus 1 year”
ExpiresByType font/eot “access plus 1 year”
ExpiresByType font/opentype “access plus 1 year”
ExpiresByType application/x-font-ttf “access plus 1 year”
ExpiresByType application/font-woff “access plus 1 year”
ExpiresByType application/x-font-woff “access plus 1 year”
ExpiresByType font/woff “access plus 1 year”
ExpiresByType application/font-woff2 “access plus 1 year”
# Data interchange
ExpiresByType application/xml “access plus 0 seconds”
ExpiresByType application/json “access plus 0 seconds”
ExpiresByType application/ld+json “access plus 0 seconds”
ExpiresByType application/schema+json “access plus 0 seconds”
ExpiresByType application/vnd.geo+json “access plus 0 seconds”
ExpiresByType text/xml “access plus 0 seconds”
ExpiresByType application/rss+xml “access plus 1 hour”
ExpiresByType application/rdf+xml “access plus 1 hour”
ExpiresByType application/atom+xml “access plus 1 hour”
# Manifest files
ExpiresByType application/manifest+json “access plus 1 week”
ExpiresByType application/x-web-app-manifest+json “access plus 0 seconds”
ExpiresByType text/cache-manifest “access plus 0 seconds”
# Favicon
ExpiresByType image/vnd.microsoft.icon “access plus 1 week”
ExpiresByType image/x-icon “access plus 1 week”
# HTML no caching
ExpiresByType text/html “access plus 0 seconds”
# Other
ExpiresByType application/xhtml-xml “access plus 1 month”
ExpiresByType application/pdf “access plus 1 month”
ExpiresByType application/x-shockwave-flash “access plus 1 month”
ExpiresByType text/x-cross-domain-policy “access plus 1 week”
# End Expires headers configuration


Enjoy these tips as this will make better use of your site for returning visitors too.