New thing! So many people email me for tech support, and I’m pretty clear that you’re not going to get it that way. But Ken (the web mechanic) asked some pretty basic questions, and I’ve decided to answer some of them.
In public. Lucky you, Ken. Don’t worry! These were good questions. See, one of the (many) reasons I love WordPress and the support forums is that the answers are public so everyone can see what the question was and how it was answered! This is hugely important to foster a community, so that’s why I’m going to answer this in public, with your personal information removed, of course.
Ken’s basic concern is that .htaccess is confusing, and is there a preferred order? The answer is yes. The basic idea is that .htaccess rules are a top-down process. The server reads the file from the top on down, in order, 1-2-3. For this reason alone, it’s obvious why you don’t want a super long .htaccess file: more to read takes longer!
The WP permalink area… Should that always be dead last?
Yes! WordPress rules always go last. Remember what I said about top-down? If you were to put WordPress at the top, you would load WordPress, process it, and then do the rest of the rules. Once you say that, it’s pretty obvious, eh?
Deny IP addresses/referrers. To me it would make sense for them to be at the beginning… Would that be true?
True! The access controls (including IP blocks) go first. Redirects go next, starting from most specific (about-me to about) first to general last. Then your Rewrite rules.
Compression/Caching/mod_expires… I haven’t a clue where they most appropriately go. Securing wp-config, htaccess itself, other files, etc. … Before? After? the WP permalink block.
I put them before my re-writes. Since I use a deny to secure .svn type files, it’s an access control so it goes first.
So how does this work? Here’s a practical example. You want to do the following: remove www from your domains, protect your wp-config file, protect your comments and login from direct attacks, redirect some old pages from before you were WordPress, redirect your old permalink formats, and gzip/compress things. Oh and run WordPress!
The order would go like this:
- Access Control: This is the part where we’re protecting specific files, but also blocking IPs. Basically it’s ‘Security First.’
- Remove WWW: We want to make sure everyone’s redirected to the non-www page. If you’re redirecting specific domains (like I send tech.ipstenu.org to halfelf.org), you do it here as well.
- GZIP: I do my compression here, though it would work just as well swapped out with the next one.
- Redirect: Here we’re talking one-off redirects like sending ‘about-me’ to ‘about’.
- Rewrite: The ReWrite rules are the regex-based ones where you say “Send http://example.com/2014/01/10/postname/ to http://example.com/postname/”.
- WordPress Rules: Last. Always always last.
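Here is that order laid out as one file. This is an added example, not the author's own .htaccess: it assumes Apache 2.4, the placeholder domain example.com, an https redirect target, and a documentation-range network standing in for a blocked IP. The final block is the stock WordPress permalink block.

```apache
# 1. Access control: protect files and block addresses first
<Files "wp-config.php">
    Require all denied
</Files>
<RequireAll>
    Require all granted
    # 203.0.113.0/24 is a documentation range, used here as a constructed example
    Require not ip 203.0.113.0/24
</RequireAll>

RewriteEngine On

# Still access control: refuse POSTs to comments/login not sent from this site.
# The Referer header is client-supplied, so this only filters unsophisticated bots.
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^/(wp-comments-post|wp-login)\.php$
RewriteCond %{HTTP_REFERER} !^https?://example\.com/ [NC]
RewriteRule ^ - [F]

# 2. Remove www (https target is an assumption)
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]

# 3. GZIP
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/css application/javascript
</IfModule>

# 4. Redirect: one-off pages, written as a RewriteRule so it is evaluated
#    in file order together with the rewrite rules around it
RewriteRule ^about-me/?$ /about [R=301,L]

# 5. Rewrite: old /yyyy/mm/dd/postname/ permalinks to /postname/
RewriteRule ^[0-9]{4}/[0-9]{2}/[0-9]{2}/([^/]+)/?$ /$1/ [R=301,L]

# 6. WordPress rules: last, always
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
```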
And that is .htaccess!
If you want a look at how my .htaccess is structured, see My super-secret .htaccess file, which hasn’t changed much since 2013. I do a couple things out of order, but they’re minor enough. As long as I can limit any recursive loops with the .htaccess checks, I’m doing good.
Comments
4 responses to “Mailbag! .htaccess questions”
I am glad you answered those questions from mechanic :).
As I have been wondering the same since I started using WordPress.
But mostly, I try to avoid getting my hands dirty with htaccess rules, but sometimes I have to and then I always felt lost.
I am sure it won’t be the case from now on (at least it will be easier than before).
Thanks. >:D
@syed: I love .htaccess. It’s one of the reasons I keep grumping about nginx
Hi Mika,
Thank you!
As I’m sure you know, there is *all* sorts of information “out there” on best practices concerning .htaccess files – a lot of it conflicting! I’ve been doing WordPress for years and I still can get overwhelmed! When I read your post, My super secret .htaccess file, I knew I just had to ask the question!
Yours is the clearest, most concise, logical and well explained primer on .htaccess rule order I’ve yet to find!
Merci!!
@Ken: When I got your email, I thought ‘Surely he’s missing some awesome URL that … *google* … *bing* … Oh. WOW.’
It’s funny, but I suppose it gets complicated because the middle bit really can be reordered. I should add that the individual rewrites should go from the order of MOST exact to least. So if you’re looking for example.com/yyyy/mm/dd/postname AND example.com/yyyy/mm/postname, start with the longer URL first.