Posts Tagged ‘How To’

How to build a responsive WordPress Theme with Twitter Bootstrap Framework


WordPress themes have become popular across the world, as it is best suited for building websites with attractive themes and templates. To make WordPress even more lucrative and user friendly, Bootstrap framework is utilized which helps in developing innovative and creative applications and websites. With different bootstrap frameworks, it has become easy to create a website, which is responsive and comprehensive in every manner. Amidst different bootstrap frameworks, twitter bootstrap framework has become quite popular.

Reach new readership and increase search ranking for your content with AtContent WordPress Plugin


AtContent plugin helps content owners to reach new audiences, provides backlinks for their posts and gains content control across the Internet.  With this plugin, professionals are able to prevent plagiarism, monetize reposts and sell their work: articles, books, magazines, files.

AtContent Plugin Review


AtContent brands your post with your name by wrapping it in a special widget allowing to read and repost publications for free or for a fee.

The plugin can be found in a free version, available on WordPress.

Why to install?

  • Your content gets branded with your name. With reposts and plagiarism prevention you always get credit for your work.
  • You gain full control over your content with the opportunity to block unwanted copies.
  • AtContent plugin increases your site’s search ranking by getting free backlinks for every publication.
  • AtContent helps you to increase your readership by getting new audience on other sites.
  • Content monetization has never been so easy and diverse!

Step 1: Installation and connection


When you download  the plugin, AtContent can be installed like any other plugin. After the installation, in the left side of the dashboard the AtContent Menu appears.

The menu contains the following options:

  • AtContent – here you can brand your posts and get as many backlinks as many posts you have.  Additional features – plagiarism prevention, reposts monetization, comments and notifications also available here.
  • Connection – on this tab you can connect your blog to AtContent and use all its advantages.
  • Known Issues – here you can turn off AtContent processing for specific pages and customize AtContent integration with other plugins.

 Connection to AtContent platform

The AtContent plugin provides all its functions only when it is connected to AtContent platform. To connect the plugin you need to click the “Connect” button from AtContent or Connection tabs.


If you do not have an AtContent account you will be asked to create one. Connect with Facebook or fill in the fields:


Once the plugin is activated and connected,you get the ability to control your content all over across the Internet, not just on your blog.

Step 2: Settings


On the AtContent tabyou can brand your posts and get backlinks by clicking “Import”.

Additional options:

  • Prevent plagiarism for all posts – disable usual browser tools to copy and paste text, e.g. Ctrl+C and context menu.
  • Turn on paid repost for all posts – charge your readers for reposting any your publication. Mainly, this option is for people who have lots of quality content and don’t want to give it away for free.
  • Import post comments into AtContent plugin comments – this turns all comments you already have to AtContent comments. AtContent comments are visible and can be answered on any website where the publication was reposted.
  • Reset all AtContent settings– brings all settings to default.

Advanced settings:

  • Turn off plugin features for a main page – this turns off widget wrapping for main page posts. This is done because widgets may have improper display in non-standard WordPress themes. When you have all your posts imported or have created the first post after plugin installation, uncheck this checkbox and look at the main page of your blog. If it looks ok,  leave it, if it is not, check it again.
  • Turn off plugin comments – if you do not want AtContent plugin comments, turn it off  here.
  • Turn off “Share and repost and get $$$” line – to turn off the invitation to share your paid posts check this checkbox.



For instant content branding, cloud backup and backlinks it’s needed to import your blog posts to AtContent. For this you only need to click the “Import” button on a plugin settings page and wait a few minutes. After the process is done every your post must get the following panel at the bottom:

If  it did not appear, go to the settings and uncheck the “Turn off plugin features for a main page” option.

Step 3: Creating paid and paid repost publications

AtContent plugin tweaks the publication process and adds the opportunity to charge your readers for reading or reposting your posts.  Look at the AtContent  Post Settings Panel at the bottom of the usual post editor:


  • Process post through AtContent API – if this option is turned off you will disable AtContent plugin for this post.
  • Protect post from plagiarism – disable usual browser tools to copy and paste text, e.g. Ctrl+C and context menu.
  • Post type – Free/Donate/Paid/Paid Repost.
  • Import post comments into AtContent – import WordPress comments to AtContent for interaction with reposters and their readers.

If you select “Paid” type of publication, the second text field will appear on the post creation screen. The upper field if for the free part of your post. Here you should add a brief description that attracts readers to buy the full version. The lower text field is for the paid part, which cannot be seen unless a reader pays the needed amount of money.


A paid publication with expanded purchase panel is displayed below:


Donatable and  paid repost publications can be created in the same way, except you select other publication type.

Example of a donatable publication
Example of a paid publication
Example of a paid repost


For AtContent you can receive support on the official support forum. You are also welcome to send your emails to or fill in a support form.

White Label Branding for WordPress

white-label-branding-wordpress plugin

Are you a WordPress developer or a Web Designer who uses WordPress to develop websites for your clients? Have you ever wished that it was easier to customize the menu’s and logo’s in WordPress and to decide which menu’s the users have access to? With White Label Branding for WordPress you can do exactly this. Take full control over the branding in wp-admin and decide who has access to what features. With the latest version of White Label Branding you have the ultimate tool for customizing WordPress admin and your login screen.


Automatic IceCat product information


Icecat is an open catalog, wich means that all of the data is open to everyone!

And best of all, most of them are free!


WP Boxer Pro


A WordPress plugin that will assist in creating beautiful content boxes by using 1 simple shortcode. Each of these boxes can contain a header, an image, some content and an optional link which can point to any given location. Boxes can be added to any section in your WordPress theme that supports shortcodes, so basically anywhere.


LinkShare eStore Affiliates Plugin

LinkShare eStore Affiliates Plugin

LinkShare eStore Affiliates is a plugin that allows you to create a store featuring products from a wide variety of merchants, worldwide stores and more, in just minutes.

With the LinkShare Affiliates program you are given access to a wide variety of merchants and products, including Apple iTunes, Wallmart, Dell and many others. If you want to offer brand recognition and popular products on your website, Linkshare is a great choice.


White Label Branding for WordPress Multisite

white-label-branding-wordpress plugin multisite

Are you running a WordPress Multisite Network? Are you a WordPress developer or a Web Designer who uses WordPress to develop websites for your clients? Have you ever wished that it was easier to customize the menu’s and logo’s on each sub-site in your WordPress Multisite Network? Would you like to give each sub-site the ability to do their own branding? Look no further! This plugin let you control the branding of the main site and all sub-sites in a network of websites powered by WordPress Multisite.


Security Ninja

seurity-ninja-wordpress plugin

Security Ninja contains 19 separate security tests. Once you click the “Run Tests” button all tests will be run. Depending on various parameters of your site this can take from ten seconds to 2-3 minutes. Please don’t reload the page until testing is done.


Ways to Detect the version of WordPress


How do you find out what version of WordPress a site is running if you don’t have access to the CMS? Of course  the most reliable way of finding the version of a WordPress site is to log into the CMS and look under ‘Updates’! But we don’t always have that luxury. There are plenty of reasons (both legitimate and nefarious) why you would want to do this:

  • You’ve been contacted by a new potential client and you want to  get an idea for how well their site has been maintained
  • You’re trying to diagnose server errors and want to see if an old WP version might be the cause
  • You’ve come across something you haven’t seen before and want to see if it’s related to a new WP version
  • Or, nefariously you might want to find sites with out of date WP installations that can be exploited
  • At, we want to find out the version to include in the free WordPress site scan reports we provide (e.g.

Here are on  WordPress Statistics page some charts showing what sorts of systems people are running WordPress on.
(You’ll need Javascript enabled to see them.)


We’ve found five neat ways of determining the version of a site. They don’t all work all the time but it’s rare that none will work. Here they are, in ascending order of difficulty:

  1. Readme file

    The quickest and easiest way is just to look at the readme.html file which is automatically installedat the root of a WordPress site, e.g.

  2. Feed generator tag

    WordPress feed generator

    WordPress feed generator

    If you can’t access the readme file (and it’s blocked by the more security-conscious hosting providers like WP Engine for that very reason), your next bet is to look at the source of the site’s RSS feed – this is always found at – e.g. Often, the feed’s source XML will include a <generator> tag which will give you the version as a ?v=x.x variable – as depicted above.

  3. Generator tag in HTML source

    Sometimes, you can just look at the HTML source of the page to find a generator tag like: <meta name="generator" content="WordPress 3.5" /> – but this is very much theme-specific so you’re safer looking in the feed first.

  4. Version of included files in HTML source

    This is a good one too. Look in the HTML source of a site’s homepage and there will nearly always be some script includes, a common one is the comment-reply file, which will look like this: <script type='text/javascript' src=''></script>. Note the ?ver=3.5 on the end of the script source. When included correctly by a theme, a version of the included file is always appended to the end of the file source URL. If no version is specified, the current WordPress version is used by default. You’ll often find other version numbers ARE included, but the comment-reply is usually just the WP version.

  5. MD5 hash of publically-accessible files

    This is by far the most complex tactic, but sometimes necessary. As web software, WordPress must make at least some of its files available to browsers (stylesheets, JavaScript files, etc), for example the comment-reply script above. As WordPress evolves, over time many of these files are updated. By performing a MD5 hash of the various publicly-accessible files for different versions, it’s possible to deduce which version (or at least range of versions) a WP site is using. E.g. if one downloaded your site’s comment-reply.js file from they can generate the MD5 hash of the file (which is a unique fingerprint of a particular file) and then compare that to a library of known hashes for various WP versions.

The easiest way to perform all of these checks is just to head over to and run a free site report on any WordPress site you’re interested in! connects WordPress sites, themes, users, professionals and industry benchmarks to create a unique database and network that maps the real, live world of WordPress.’s crawlers scan hundreds of thousands of WordPress sites, analyse and report on each one and then use the data connections between them to provide brand new insights into the WordPress ecosystem. offers:

  • a free WordPress site scanner
  • a dashboard to track and monitor your WordPress sites
  • a directory of WordPress professionals
  • a unique theme explorer

How to remove WordPress version
WordPress sites hacked, again!
Slow adoption rate of new WordPress versions
How to increase visitors and convert to customers
Check Your WordPress Version Without Logging In To Your Admin Section
How to Detect Mobile Devices using CSS3?
How to detect iPhone browser natively in WordPress

How to Protect Your WordPress Website from a Pharma Hack


WordPress is the best Content Management System (CMS) platform on the planet and with WordPress Developers can build all kind of websites for their clients.  Being a popular CMS platform, WordPress powered websites are most attractive for hackers. In 2010, Pharma hack was one of the serious threat to WordPress website. Although WordPress themes like The Thesis Theme team and WordPress core developers are trying to make it more secure, so its the best practice to keep your WordPress powered site always up to date  and use online tools like Sucuri to know more about latest threats and Malware to make it more safe and secure and use .

What is Pharma hack:

If your website look like pharmacy related website instead of helpful Web resource or not displaying your own content on searching of keywords on Google or other search engines, Its mean your website site is effect by WordPress Pharma hack. The users when trying to search your site  with required keyword, the search engine will not display your website, it will display  pharmaceuticals companies related web pages.

According to Pearsonified: who was effect once and written a detail article on WordPress Pharma hack

The WordPress pharma hack quietly exploits your highest-ranking and most valuable pages by overriding the title tag and by inserting spammy links into the page content. Interestingly, the modified title tag and spammy links are only visible to search engines.

The three red arrows highlight <title> tags that were cloaked by the WordPress pharma hack. [Source: WordPress Pharma hack ]

This is the big lose for site owners because they tried enough to get  good traffic but they never know their traffic is not coming from search engines and traffic going down everyday because hackers have put their malicious code in your web pages that replacing your links and Google description by stealing search links.

There are lot of tutorials and articles on Preventing WordPress powered website (wparena’s: how to find remove and protect wordpress site from malware and Identifying removing and preventing malware on your WordPress site), but in today I am simple going to complie a list of useful articles and tutorials along with tips and tricks for diagnoses, fixes and prevention of  WordPress Pharma Hack.

Understanding WordPress Pharma Hack Penetration

There are different ways attackers insert the malicious code into  WordPress file to get control over the database, plugins files even on WordPress core file like adding code in .htaccess file.   According to Sucuri which can provide the best  protection service for your websites and  web servers, there are three parts for WordPress pharma hack to add malicious code:

  •  Backdoor that allows the attackers to insert files and modify the database.
  •  Backdoor inside one (or more) plugins to insert the spam.
  •  Backdoor inside the database used by the plugins.

If you fix one of the three, but forget about the rest, you’ll most likely be reinfected and the spam will continue to be indexed.

As always, we recommend that you update your WordPress instance to the latest version. This goes for all of your plugins, themes, etc. WordPress is typically very secure, it’s when you’re running old versions, and/or out of date plugins/themes that run into trouble. Keep your stuff up to date, and it will minimize the risk of infection significantly.

[Source: Understanding and Cleaning the Pharma hack on WordPress]

For all other Web page security Golem Technologies. On the other hand, according to Pearsonified, These kind of attacks happened in two parts: There are malicious files in the WordPress plugins folder which contain identifiable PHP functions like  eval() andbase64_decode()but this kind of hack is not exception for such kind of hack. The only difference with Pharma hack inclusion, these functions stored in the WordPress database as strings, and they’re encoded backwards!  which open the backdoor for further run the string from the database. At runtime, a hack file in the plugins folder pulls these strings from the database, flips ‘em, and then runs ‘em as functions, and that’s how the deed gets done.

The hack pings Google Blog Search with queries like this one to see how many links a particular page has, and then it stores the results in the database. At runtime, the hack uses the number of links to determine which pages to target. [Source: WordPress Pharma hack ]

WordPress Pharma Hack Affects

In most (not all) cases the spammy links and/or content is cloaked or hidden from your sites visitors, it is only visible to search engine bots.  When a search engine bot makes a request for a page on your site in addition to the page being requested a search engine bot will identify itself in the user agent field.  Scripting languages such as php and javascript can read this value and determine when the request is coming from a search engine bot.

The form of the pharma hack varies from site to site, it can hit a single page or 1000s of pages, on some sites the hackers add 100s of hidden links to on-line pharmacy sites to the legitimate pages of a site.  On other sites the hackers use a cloaked or conditional hack which returns the spammy content only to a search engine bot.  Another common method is to add a php file to the site that returns the spammy content. The methods for accomplishing a pharma hack also vary from site to site, from some generic methods effective against all sites, to more specific methods that target the sites’ CMS such as WordPress or Joomla. [Source: Spam Hacks, The Pharmacy Hack, The Porn Hack]

According to websitedefender a Pharma Hack typically affects websites in three ways:
1. Results are visible on search engines only
2. Very difficult to eliminate
3. Highest ranked pages are targeted
Detail: Web security – SEO poisoning- pharma hack

Jaspal Sahota given detail WordPress Pharma hacks affacts on .htaccess file with other  vulnerabilities: Iif you know how to read .htaccess file, you’ll see that the planted code only works when the visitor is coming from Google, AOL or Yahoo):

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (google|yahoo) [OR]
RewriteCond %{HTTP_REFERER} (google|aol|yahoo)
RewriteCond %{REQUEST_URI} /$ [OR]
RewriteCond %{REQUEST_FILENAME} (html|htm|php)$ [NC]
RewriteCond %{REQUEST_FILENAME} !common.php
RewriteCond /home/xyz/public_html/common.php -f
RewriteRule ^.*$ /common.php [L]

Again, the final file (common.php) was planted. [Source: Pharmahack]

Protecting from WordPress Pharma Hack

There is very useful  article on WordPress prevention at FAQ_My_site_was_hacked. On the following list I have compiled a helpful articles which provide setp by step instruction about how to prevent from WordPress pharma hack attack:

How to Diagnose and Remove the WordPress Pharma Hack

You’ll have to dig through the two places where the hack is known to romp—your WordPress plugins folder and your WordPress database.

WordPress Pharma Hack

This is quite a different attack vector than say brute-forcing passwords on a WordPress site. If you know a little about what you’re doing, this is actually pretty straight forward. In fact, you can script these things pretty easily; this example was written by a hacker over a weekend.

Pharma Hack Fix for WordPress

It is really a brilliant plan.  If it weren’t so illegal – it would be perfect.  As far as I can tell, they employee a 3 stage process.  (Thanks for the help figuring this all out from my friend David, who is a super knowledgeable dude with this sort of stuff.)

How To Completely Clean Your Hacked WordPress Installation

Step by step process on how to completely clean out and restore a WordPress installation that has been hacked.

How to find a backdoor in a hacked WordPress

What’s a backdoor? Well, when somebody gets into your site, the very first thing that happens is that a backdoor is uploaded and installed. These are designed to allow the hacker to regain access after you find and remove him. Done craftily, these backdoors will often survive an upgrade as well, meaning that you stay vulnerable forever, until you find and clean the site up.

Top 5 WordPress Security Tips You Most Likely Don’t Follow

A list of the top 5 tips that most WordPress administrators do not do, but should:

How to increase the safety of WordPress

In this article we will see a series of technical and not that improve the safety of WordPress in a shared and dedicated, by changing some settings and adding the appropriate plugin.

Secure WordPress Themes providers:

StudioPress Premium WordPress ThemesPageLines CMS WordPress Themes

How to Secure and Protect WordPress Website through .htaccess file


With the help of a .htaccess (hypertext access) file you can get a directory-level configuration and it  allows you to decentralized the management of your web server configuration. As well it allow you to improve your blog’s security, and reduce bandwidth. Today, we compile a list of tips and hack to increase your WordPress website through .htaccess file.If you like these tips and hacks then please grab the WPArena RSS feed for keep yourself up to date!

Note: Be careful to make changes in this file because modifying the configuration of a server can cause security concerns if not set up properly. So Always have a Backup.

Restricting access to wp-admin

There are different ways to protect your  wp-admin. By using WordPress plugins ”Enhance WordPress security with two-factor authentication plugins” and through adding a .htaccess file into a wp-admin directory like:

By restricting the IP address and create a .htaccess file including following piece of code:

order deny,allow
allow from a.b.c.d # This is your static IP
deny from all

By restricting  the directory with a password:

AuthUserFile /etc/httpd/htpasswd
AuthType Basic
AuthName "restricted"
Order Deny,Allow
Deny from all
Require valid-user
Satisfy any

Source: You can read more about Hardening WordPress website with .htaccess file

Individually Blacklist IP Address

There are considerable number of spammers, scrapers, crackers, those need to be blacklisted to visit the website. Perishable Press every year blocked some IP address and they are giving solution on how to block IP address by using .htaccess file:

<Limit GET POST PUT> order allow,deny allow from all deny from </LIMIT>

Source: Improve site security by protecting .htaccess-files

Ultimate IP Blocker

Want to ban a IP, but don’t know how to use .htaccess and only ban for some pages? Let ipBlocker help you, ban IP(s) with a easy way and many functions, no need any database supported.

Protecting WordPress wp-config file

Josiah Cole giving solution on how to secure your own Website by editing or creating own .htaccess file in the following manners:

1. Protects itself (security)
2. Turns the digital signature off (security)
3. Limits upload size (security)
4. Protects wp-config.php (security)
5. Gives access permission to all visitors with exceptions (security, usability)
6. Specifies custom error documents (usability)
7. Disables directory browsing (security)
8. Redirect old pages to new (optional)
9. Disables image hotlinking (bandwidth)
10. Enables PHP compression (bandwidth)
11. Sets the canonical or “standard” url for your site (seo, usability)

Add the following piece of code in .htaccess file to protect he wp-config file:

# protect wpconfig.php <files wp-config.php> order allow,deny deny from all </files>

Other useful links: How To Secure WordPress configuration file

Add the following code to Disable Directory Browsing:

# disable directory browsing Options All -Indexes

 Disables image hotlinking:

#disable hotlinking of images with forbidden or custom image option
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?*$ [NC]
#RewriteRule \.(gif|jpg)$ – [F]
#RewriteRule \.(gif|jpg)$ [R,L]

Source- Almost Perfect htaccess File for WordPress Blogsa

Redirect WordPress Feeds to Feedburner via .htaccess (Redux)

.htaccess is a powerful tool which also help to redirect WordPress feeds to feedburner.

Redirecting your WordPress feeds to Feedburner enables you to take advantage of their many freely provided, highly useful tracking and statistical services. Although there are a few important things to consider beforeoptimizing your feeds and switching to Feedburner, many WordPress users redirect their blog’s two main feeds — “main content” and “all comments” — using either a plugin or directly via htaccess.

For those of us using Feedburner for all content and comment feeds, we have consolidated the previous htaccess code into a single redirect. Additionally, we improve functionality by verifying the requested URI and simplifying the regex used to match the target string. Check it out:

# temp redirect wordpress content feeds to feedburner 
<IfModule mod_rewrite.c> 
RewriteEngine on 
RewriteCond %{HTTP_USER_AGENT} !FeedBurner [NC] 
RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC] 
RewriteRule ^feed/?([_0-9a-z-]+)?/?$ [R=302,NC,L]

Source: Perishable Press | How to switch RSS to feedburner in Thematic

How To Stop Image Hotlinking through .htaccess | WP Recipes

IP Delivery to Stop RSS “Content Thieves”

Quads Zilla at Seo Black Hat explained how to know IP address who is stealing your RSS Feed and how to block IP address through .htaccess file.

RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^
RewriteRule ^(.*)$

How to maintenance page with a. Htaccess file?

You want to migrate your blog , switch themes , or to update WordPress , why not redirect your visitors to a maintenance page.

RewriteEngine on
RewriteCond %{REQUEST_URI} !/maintenance.html$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123
RewriteRule $ /maintenance.html [R=302,L]

Source – CatsWhoCode | | Protecting the WordPress wp-admin folder

Deny no referer requests [stop spam comments!]

If there are lots of spam comments on your blog, along with akismet, you can stop spam comments with .htaccess to prevent spammers posting comments on your blog.

RewriteEngine On
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.** [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

Source – How to: Deny comment posting to no referrer requests

Force “File Save As” Prompt

By using this code you can force user not to open downloadable files instead you force them to save as:

AddType application/octet-stream .avi .mpg .mov .pdf .xls .mp4

Source – AskApache: THE Ultimate Htaccess | Forcing a Download with Apache and .htaccess

Improve Site Security by Protecting HTAccess Files

 presents on Perishable Press different  methods to protect .htaccess file. The following code below prevents external access to any file with .htaccess. Add the code below in your domain’s root .htaccess file.

Case-sensitive protection:

<Files .htaccess>
order allow,deny
deny from all

Weak pattern matching

<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All

Strong pattern matching

<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all

.htaccess – gzip and cache for faster loading and bandwidth saving

In order to speed up site and save bandwidth, you can use.htaccess file to gzip text based files and optimize cache HTTP headers.

If your hosting provider like HostGator has mod_gzip module enabled, the best way to compress your content is to add the following lines to your .htaccess file:

mod_gzip_on Yes
  mod_gzip_dechunk Yes
  mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
  mod_gzip_item_include handler ^cgi-script$
  mod_gzip_item_include mime ^text/.*
  mod_gzip_item_include mime ^application/x-javascript.*
  mod_gzip_item_exclude mime ^image/.*
  mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*

Source – There are other different ways for fast loading and saving bandwidth on:
.htaccess – gzip and cache your site for faster loading and bandwidth saving
WordPress Super Cache: Makes WordPress Faster

WordPress Safer Admin Plugin

Have you ever wondered how you can hide your WordPress Admin Panel so possible attackers won’t be able to find it and gain access to your WordPress site?

If you want to ensure that no one knows where your WordPress Admin Panel is, then this WP Safer Admin Plugin is the right tool for you!



WP-Restrict is a WordPress plugin that allows WordPress admins to restrict access to their web site based on IP addresses.


Redirecting Subdirectories to the Root Directory via HTAccess

One of the most useful techniques in my HTAccess toolbox involves URL redirection using Apache’s RedirectMatch directive. With RedirectMatch, you get the powerful regex pattern matching available in the mod_alias module combined with the simplicity and effectiveness of the Redirect directive.

RedirectMatch 301 ^/blog/.*$ http://domain.tld/target.html 

Source – Perishable Press | How to redirect the spammers where you want

Removing Category Base from WordPress URLs

The below .htaccess code illustrates 2 different ways to redirect any request for /category/slug/ to /slug/. You should only redirect after applying the php hacks described earlier, otherwise you could end up creating a loop.

RedirectMatch 301 ^/category/(.+)$$1
# OR
RewriteRule ^category/(.+)$$1 [R=301,L]

Source: AskApache

Valiantly automatically fix URL spelling mistakes

This directive can be useful to auto-correct simple spelling errors in the URL

<IfModule mod_speling.c>
CheckSpelling On

Source – Vortex Mind

Redirect the spammers where you want

Here is the script to add to your WordPress blogs (or into your site’s) .htaccess file:

# block comment spam by denying access to no-referrer requests
RewriteEngine On
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.** [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule ^(.*)$ ^$ [R=301,L]

Easily rename your .htaccess file

# rename htaccess files AccessFileName ht.access

Source: Stupid htaccess tricks | How to redirect the spammers where you want

20 htaccess hacks to prevent your wordpress site from hacking

Make your wp-login.php page xenophobic

Here’s the code that you should be copy paste to your root .htaccess file (where wp-login.php exist).

# Redirect wp-admin and wp-login to specified address if not from specific ip
# Btw you're free to add additional directory as you see fit
# Note: This'll break your site if you have plugins/themes that depend on accessing admin-ajax.php
RewriteCond %{REQUEST_URI} wp-login|wp-admin
RewriteCond %{REMOTE_ADDR} !^123.456.789.
RewriteRule . [R,L]

# Or .. if you prefer to return 404 Not found instead of redirecting it, use below code instead
RewriteCond %{REQUEST_URI} wp-login.php|wp-admin
RewriteCond %{REMOTE_ADDR} !^123.456.789.
RewriteRule . - [R=404,L]

Source – Hardening WordPress with Mod Rewrite and htaccess | 7 Tools For Fighting Spam In WordPress

The easiest way to ban a WordPress spammer

Require password for 1 file

<Files login.php>
   AuthName "Prompt"
   AuthType Basic
   AuthUserFile /home/
   Require valid-user

Protect multiple files

<FilesMatch "^(exec|env|doit|phpinfo|w)\.*$">
   AuthName "Development"
   AuthUserFile /.htpasswd
   AuthType basic
   Require valid-user

Source: ultimate htaccess code snippets

Speed up your site by compressing and caching your content with .htaccess

In the following series you can compress and cache your site content with Apache and .htaccess file.

compress text files

<ifModule mod_deflate.c>
  <filesMatch "\.(css|js|x?html?|php)$">
    SetOutputFilter DEFLATE

Expire headers

<ifModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 1 seconds"
  ExpiresByType image/x-icon "access plus 2592000 seconds"
  ExpiresByType image/jpeg "access plus 2592000 seconds"
  ExpiresByType image/png "access plus 2592000 seconds"
  ExpiresByType image/gif "access plus 2592000 seconds"
  ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds"
  ExpiresByType text/css "access plus 604800 seconds"
  ExpiresByType text/javascript "access plus 216000 seconds"
  ExpiresByType application/javascript "access plus 216000 seconds"
  ExpiresByType application/x-javascript "access plus 216000 seconds"
  ExpiresByType text/html "access plus 600 seconds"
  ExpiresByType application/xhtml+xml "access plus 600 seconds"

Cache-control headers

<ifModule mod_headers.c>
  <filesMatch "\.(ico|jpe?g|png|gif|swf)$">
    Header set Cache-Control "max-age=2592000, public"
  <filesMatch "\.(css)$">
    Header set Cache-Control "max-age=604800, public"
  <filesMatch "\.(js)$">
    Header set Cache-Control "max-age=216000, private"
  <filesMatch "\.(x?html?|php)$">
    Header set Cache-Control "max-age=600, private, must-revalidate"

Turn etags off

<ifModule mod_headers.c>
  Header unset ETag
FileETag None

Remove last-modified header

<ifModule mod_headers.c>
  Header unset Last-Modified

Source: More on compressing and caching your site with .htaccess

Performance Optimizer Plugin for WordPress

The plugin will help you increase the performance of your WordPress website. We aim to do this by optimizing key features of the website’s loading process thus increasing the loading speed and limiting the bandwidth consumption.


References and other Useful Resource:

Protect your WordPress site .htaccess
Using htaccess Files for Pretty URLS
Web security: what is an .htaccess file
How to protect and secure your WordPress site
A to Z of WordPress .htaccess Hacks
Comprehensive guide to .htaccess
Introduction to .htaccess
Forcing a Download with Apache and .htaccess
Hardening WordPress with htaccess

.htaccess Builder

To quickly and effortlessly deliver an htaccess file without having to remember anything about the apache server language used to construct the htaccess file!

htaccess Builder! is complete as is – however – depending on requests and sales it has the potential to grow to cover just about every function of htaccess.


Free & Professional WordPress Security Service Free & Professional WordPress Security Service

We Love WordPress. WordPress Arena is a place for WordPress Developers and Designers, providing Tips, tricks, tools and resources to build a website or blog on WordPress. We also present The WordPress Showcase for all kind of WordPress Powered Websites.

Copyright © 2014 WP Arena All Rights Reserved

Divi WordPress Theme