Tweak .htaccess to Improve WordPress Speed & Security

Tweak .htaccess to Improve WordPress Speed & Security

Whether you are a veteran of blogger or an online marketer, we all want our websites to load as fast as possible. Performance concerns are attached with each CMS or website builders. You can read Wix reviews, Squarespace reviews and other CMS reviews, you will see, security and performance worries are attached with each option. But if you are using WordPress, then there are some very effective ways to reduce the load times on your website using .htaccess tweaks. Here are eight ways you can speed up your WordPress site for the best possible performance. Before we begin, make a backup of your .htaccess file in case something goes wrong because of your host not supporting some of these changes. 

Create a duplicate file and rename it to .htaccess_mybackup. If you ever need to roll back simply rename the duplicate file to .htaccess after deleting the original and you will be good to go.

Improving your WordPress page speed and performance

  • Enable KeepAlive
  • Enable Browser Caching
  • Disable Image Hotlinking
  • Enable Server Level Caching

Enable Keep-Alive

Enabling Keep-Alive is one of the simplest ways to speed up your WordPress website. It allows your server and web browser to download any required resources from a single connection, thereby increasing the page’s load speeds. You can enable KeepAlive by adding the following in your WordPress .htaccess file.



Header set Connection keep-alive



Enable Browser Caching

One of the best ways to speed up your WordPress website is by enabling Browser Caching. Browser Caching works by enabling all websites to store resources like CSS or JS files for a specified time span. This means that your websites will not need to download the same files over and over again and would access already downloaded CSS or JS files for usage. Add the following to your .htaccess file.

# Cache Expire#


ExpiresActive OnExpiresByType application/pdf "access 1 month"

ExpiresByType image/gif "access 1 year"

ExpiresDefault "access 1 month"

ExpiresByType text/x-javascript "access 1 month"

ExpiresByType text/css "access 1 month"

ExpiresByType text/html "access 1 month"

ExpiresByType image/jpg "access 1 year"

ExpiresByType image/png "access 1 year"

ExpiresByType application/x-shockwave-flash "access 1 month"

ExpiresByType application/javascript "access 1 month"

ExpiresByType image/x-icon "access 1 year"

ExpiresByType image/jpeg "access 1 year"


# end speed cache#

Once done, you also need to cache control-headers on your website by adding the following code.

# TN - BEGIN Cache-Control Headers


<filesMatch "\.(ico|jpe?g|png|gif|swf)$">

Header set Cache-Control "public"


<filesMatch "\.(css)$">

Header set Cache-Control "public"</filesMatch>

<filesMatch "\.(js)$">

Header set Cache-Control "private"


<filesMatch "\.(x?html?|php)$">

Header set Cache-Control "private, must-revalidate"



# Cache Expire

Disable Image Hotlinking

Your site images can drastically slow down your website’s load times. Disabling image hotlinking not only allows you to reduce the amount of bandwidth used but also prevents spammers from using images from your website and hotlinking them to other places. Disabling hotlinking helps you save a lot of bandwidth, but also, prevents spammers from using your images.

To disable image hotlinking add the following code to your WordPress .htaccess file. Make sure you replace “” with the name of your website.

# Hotlinking disabled

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]

RewriteRule\.(jpg|jpeg|png|gif)$ – [NC,F,L]

# hostlinking disabled

Enable Server Level Caching

If your web host supports LiteSpeed server caching you should enable it for your WordPress website as server caching is known to reducing load times significantly aside offering other benefits. It allows the website to cache files directly at the server level before displaying data to your end users. To enable LiteSpeed server caching you need to insert the following to your .htaccess file. You also need to replace with the name of your website. If you do not have LiteSpeed access you should consider changing your web host as all of the best web host services offer it.

# Start speedcache


CacheEnable public

RewriteEngine On

RewriteCond %{REQUEST_METHOD} ^GET|HEAD$RewriteCond %{HTTP_HOST} ^|| [NC]

RewriteCond %{REQUEST_URI} !login|admin|register|post|cron

RewriteCond %{QUERY_STRING} !nocacheRewriteRule .* - [E=Cache-Control:max-age=300]


# end speed cache

Improving your WordPress site’s security

  1. Restrict Access to WP-Login file
  2. Rename .htaccess file
  3. Block Spammers
  4. Disable Directory Browsing

Restrict Access to WP-Login file

You should restrict access to the wp-login file to prevent anyone you do not want to be toying around with your previous WordPress files without your permission. You can easily do this by editing your .htaccess file to enable only specific IP addresses to gain access to the wp-login file. Replace the IP address with your IP address.

<Files wp-login.php> Order deny,allow Deny from All Allow from</Files>

Rename .htaccess file

Renaming your .htaccess file to make it harder to find can help you ward off people who want to spy on your files. Add the following code to your .htaccess file and replace the ht.access filename to anything you want to assign.

# rename htaccess files AccessFileNameht.access

Block Spammers

We discussed how we could disable hotlinking to stop spammers from hotlinking your images above. You can also completely block them out by adding a line of code to your .htaccess file. Whenever you face any spammers on your website simply add the following line and replace with the IP address of the spammer. Repeat this step as many times as you want to add multiple spammers to your block list.

<Limit GET POST PUT> order allow, deny allow from all deny from</LIMIT>

Disable Directory Browsing

If you do not want others to see what plugins you have installed, you should disable Directory Browsing to keep your directory protected from prying eyes. Add the following code to your .htaccess file. If you need to access it yourself simply edit the file again and remove the code.

# disable directory browsing Options All -Indexes

Whenever you setup a WordPress website, always review website builders to ensure you get the best possible security and performance, without you being required to tinker with your files to speed things up. Using the above tips should bring down the load times of and also enhance the security of your pages.

Author Bio: Catherrine Garcia is a passionate blogger and a freelance Web Developer. She along with her group of freelance developers, are experts of creating Websites on CMS. 

Radius Theme 3 years ago
my first visit to your site! I found your article very dream. Great sharing this info. You have written very good helpful information about latest subject. You could have given great information article that is very helpful for me. I wish to find out more information seriously regarding it.

Leave a Reply