htaccess is the main entry point for any WordPress website. When you enter an url to a WordPress website, url request is sent to the server and it is then handled by WordPress using rewrite rules defined in the htacess file.

Often, htaccess file is managed by WordPress core and caching plugins like Litespeed or W3TC. But it is a simple text file, so we can edit that too using any FTP and code editing tools.

In this post, I am sharing you my ultimage htaccess configuration suitable for busy websites with high-volume visitor traffic. For small and highly static web sites, the optimizations here may not be required.


Ultimate High Speed .htaccess Configuration

  1. Open your favorite FTP tool to download .htaccess file in the root of your WordPress installation directory.
    Note. That file is a hidden file by default, you need to switch show hidden files option on your FTP application if it is not visible.
  2. Download htaccess and make sure you make a backup copy before changing the server version.
  3. Paste following code on top of the file, before any other rules defined in the file:
<IfModule mod_headers.c>
# Increase Security
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
Header always unset X-Powered-By
Header unset X-Powered-By

# Maximum Browser Cache for Static Resources
<FilesMatch "\.(webp|jpg|jpeg|png|gif|ico)$">
Header set Cache-Control "max-age=31557600, public"
Header unset ETag
Header set Connection keep-alive
FileETag None
</FilesMatch>

# 30 Days Browser Cache for CSS and Javascript files
<FilesMatch "\.(css|js)$">
Header set Cache-Control "max-age=2592000, public"
Header unset ETag
Header set Connection keep-alive
FileETag None
</FilesMatch>
</IfModule>

# Serve Static Files Directly w/o using WordPress
<IfModule mod_rewrite.c> 
RewriteEngine On 
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteCond %{REQUEST_URI} !(robots\.txt|[a-z0-9_\-]*sitemap[a-z0-9_\-]*\.(xml|xsl|html)(\.gz)?) 
RewriteCond %{REQUEST_URI} \.(css|htc|less|js|js2|js3|js4|html|htm|rtf|rtx|svg|txt|xsd|xsl|xml|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|webp|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|_otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|_ttf|wav|wma|wri|woff|woff2|xla|xls|xlsx|xlt|xlw|zip)$ [NC] 
RewriteRule .* - [L] 
</IfModule>
  1. Finally upload the file to the server.

How Does It Work?

This file improves security by adding X-XSS-Protection header, and removing PHP version from the request. It also prevents website to be displayed in an iframe.

For the performance side, it forces user’s browser to cache static resources a long time. Those resources are images which rarely change after uploading, and css and js files, which are generally static.

And finally, it removes WordPress’ handling of static resources, so your static files won’t use any PHP resources on your server.


I hope you find this configuration useful on your projects. Check out our WP Tips and How To categories for more posts like this.

Ciao!