.htaccess Archives

Featured Articles

GNU/Linux, Web applications

2026-06-07

Blocking bad bots and search engines using .htaccess

Take control of your server resources by learning how to block aggressive bots and unwanted search engines using .htaccess and mod_rewrite. This guide provides copy-paste ready configurations to prevent bandwidth theft, stop scrapers, and ensure that only relevant search engines crawl your website.

Force HSTS in Apache .htaccess

Learn how to enable HSTS (HTTP Strict Transport Security) in Linux Apache .htaccess. I wrote about enabling HTTP Strict Transport Security (HSTS) in IIS earlier. But what about enabling HSTS in Apache .htaccess? Here is how.

Security

Last updated: 2026-05-10

.htaccess security best practices in Apache 2.4.6+

Since Apache 2.4.6, a new module is used to configure and set up access control for websites: mod_authz_core. This means you have to use a different syntax for allowing or blocking hosts and IP addresses to your website. Apache Access Controle done right in WordPress .htaccess.

WordPress

Last updated: 2026-05-20

Protect WordPress from brute-force XML-RPC attacks

How to protect your WordPress from brute-force XML-RPC attacks, because the WordPress XML-RPC API has been under attack for many years now.

WordPress

Last updated: 2026-05-19

SSL in WordPress: how to move WordPress to HTTPS? The definitive guide

Move WordPress to HTTPS correctly. Learn the Site Health switch, database search and replace, IIS/Apache redirects, HSTS hardening, and OpenSSL verification.

Windows Server

Last updated: 2026-05-10

HackRepair.com’s Bad Bots .htaccess in web.config for IIS

Learn to protect your WordPress website with this web.config file on Windows Server IIS. Block IP addresses, bad bots, query string sequences

WordPress

Last updated: 2026-05-10

Huge increase in WordPress xmlrpc.php POST requests

How to identify, block, mitigate and leverage xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites… Secure WordPress xmlprc.php interface and reduce service disruption.

Windows Server

Last updated: 2026-04-07

Remove IIS Server version HTTP Response Header

Windows Server IIS loves to tell the world that a website runs on IIS. It does so with the “Server:” header in the HTTP response, as shown below. In this post I’ll show you how to remove HTTP response headers in Windows Server IIS. You don’t want to give hackers too much information about your servers, right?.

Useful

Last updated: 2026-04-19

Redirect HTTP to HTTPS

In this post I provide you various HTTP to HTTPS redirection methods, for Windows Server IIS and Linux Apache. Use these examples to your advantage to secure the traffic between your visitors and your website.

Web applications

Last updated: 2026-05-10

Create your own PHP based Origin Pull CDN

The advantage of having your website content hosted on a Content Delivery Network (CDN) is having your content distributed and stored across the Globe. Utilizing the network of the Content Delivery Network provider.

Windows Server

Last updated: 2025-11-01

Convert .htaccess to web.config

This post describes some of the IIS URL Rewrite Module web.config equivalents of commonly used Apache .htaccess settings. You’ll learn how to translate .htaccess content to IIS web.config, this is useful when you need to migrate your website from Apache to Windows Server IIS.

Helico Ape htaccess in IIS flow_landscape

Windows Server

Last updated: 2026-05-10

How to use .htaccess files on Windows Server IIS

Learn how to use .htaccess in Windows Server IIS. Before IIS 7 and the URL Rewrite module, you had to rely on third party extensions to IIS for URL rewriting with .htaccess files.