The most important rule for search engine optimization is to use the page title in the url. Everything else is optional and up to the user’s liking.

WordPress generates an .htaccess file when the permalinks are changed that contains the rewrite directives. It sometimes happens that the file cannot be created or written which would then mean that the user would need to create and edit the htaccess file manually.

The WordPress code that is used is not optimized. It does not prevent for instance unnecessary file and directory checks. JP Morgan over at the Webmaster World forum created a better rewrite directive that “fixes several performance-affecting problems”.

This is a total replacement for the code supplied with WP as bounded by the “Begin WP” and “End WP” comments, and fixes several performance-affecting problems. Notably, the unnecessary and potentially-problematic container is completely removed, and code is added and re-structured to both prevent completely-unnecessary file- and directory- exists checks and to reduce the number of necessary -exists checks to one-half the original count (due to the way mod_rewrite behaves recursively in .htaccess context).

According to JP the modified code speeds up the .htaccess code by at least a factor of two by “avoiding the second-pass exists checks on index.php itself, and avoiding exists-checks on resources such as image files which obviously don’t need to be handled by WP.”

Replace the old WordPress rewrite code in the .htaccess file with the following new code. You might need to edit the file types (gif|jpg|php|ico|css|js). These should contain the files that are requested the most. It might make sense to include png for instance in the list.

# BEGIN WordPress
#
RewriteEngine on
#
# Unless you have set a different RewriteBase preceding this point,
# you may delete or comment-out the following RewriteBase directive
# RewriteBase /
#
# if this request is for "/" or has already been rewritten to WP
RewriteCond $1 ^(index\.php)?$ [OR]
# or if request is for image, css, or js file
RewriteCond $1 \.(gif|jpg|php|ico|css|js)$ [NC,OR]
# or if URL resolves to existing file
RewriteCond %{REQUEST_FILENAME} -f [OR]
# or if URL resolves to existing directory
RewriteCond %{REQUEST_FILENAME} -d
# then skip the rewrite to WP
RewriteRule ^(.*)$ - [S=1]
# else rewrite the request to WP
RewriteRule . /index.php [L]
#
# END wordpress

This change seems to speed up the WordPress loading time considerably. Let us know how you think it affected the page loading time if you have implemented it in your blog or noticed a difference here at Ghacks.

Visit the thread over at the Webmaster World forum for additional information.

I use it mainly to secure certain directories on my websites from being accessed without the proper authorization. This is the admin directory in the case of WordPress for instance but could also be used to secure a directory that hosts some valuable files.

I would like to point out two possibilities that secure a directory with .htacess. The first is to protect the directory by only allowing users with a certain IP or IP range access to it. Everyone else would receive an access denied error message.

The second possibility would be to create usernames and passwords that have to be supplied before accessing the content.

IP Protection:

Create a .htaccess file and add the following code to it:

AuthName "Protected Content"
AuthType Basic

order deny,allow
deny from all
#Comment
allow from 255.255.255.255


Change the IP address in the last line to the one used by the user / users. You can use wildcards * if the user is receiving dynamic IPs from his ISP. It is possible to add as many allow from lines to the .htaccess file as you want. Place that htaccess file in the directory that you want to protect. (all subdirectories are affected as well.

The problem with this kind of protection is twofold. If your IP changes, say you are on holiday or accessing from a different location, you need to add or change the IPs in the htaccess code. Users who happen to have a IP of that range can access the content without problems. This is usually a user from the same ISP.

A more secure protection is the basic auth protection.

Password Protection:

Whenever a user tries to access a directory or file a popup will appear asking the user for a username and password. This method requires two files, a htaccess file and a htpasswd file. The htpasswd file stores the usernames and encrypted passwords and should be placed outside of the root directory of the website.

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/.htpasswd
AuthGroupFile /dev/null
require valid-user

Since the passwords are encrypted you need to use a script to do that. A working one is the htpasswd Content Generator. Just enter a username and password and click on encrypt. Paste the line on the results page into the htpasswd file and place it exactly in the path that you specified in AuthUserFile.

It is possible to combine both protections for added security. I would begin by evaluating if your webhost is allowing those kind of files.