
www to non-www OR non-www to www
Some bloggers prefer to prefix www to their domain name, while others do not use it at all. This is a personal choice, but it also affects your blog's SEO if you have not configured the settings properly. Crawlers from various search engines may find two versions of the same page, one with the www prefix and one without it. This dilutes your content and you may suffer a duplicate content penalty. To avoid this situation, redirect all your posts and pages to a single preferred format, either www or non-www.
#Redirect www to non-www
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.yourdomain\.com [NC]
RewriteRule ^(.*)$ http://yourdomain.com/$1 [L,R=301]
#Redirect non-www to www
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^yourdomain\.com [NC]
RewriteRule ^(.*)$ http://www.yourdomain.com/$1 [L,R=301]
Use whichever of the two directive blocks above matches your preference to prevent confusion for crawlers as well as visitors. Neither option is better than the other; choose either one, provided you have put the matching directive in your .htaccess file.
Preventing directory browsing
Attackers often use in-browser directory browsing to learn the contents and directory structure of a website. This can be serious, as they learn the locations of files as well as their contents. To prevent this, disable directory browsing altogether. Simply add the single-line .htaccess directive given below and you will block such browsing on your WordPress blog.
#Disable directory browsing
Options All -Indexes
This is one of the first settings I implement while installing a fresh WordPress blog. Make sure you prefix the minus sign in the directive as shown above.
Restrict access to .htaccess file
Since a large number of security and system settings are configured in the .htaccess file, it is often a target for attackers and intruders. Other than the blog owner, no one else should have access to this file. You can impose this restriction very easily with the directive given below.
#Deny access to .htaccess file
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>
Restrict access to wp-config.php file
This is yet another extremely important WordPress file; it contains the configuration and system data necessary to run your blog. Add a similar directive to prevent attackers from gaining access to the wp-config.php file. As I mentioned earlier, applying this directive is just one of the security measures.
#Deny access to wp-config.php file
<files wp-config.php>
order allow,deny
deny from all
</files>
Disable display of server and software versions
Attackers often exploit vulnerabilities found in specific versions of the LAMP stack installed on web servers. Whenever a visitor lands on a non-existent (404) page, your web server returns an error page that lists the versions of the software installed on it. This information can be used to target version-specific vulnerabilities on that web server.
#Disable server signature display
ServerSignature Off
Disable image hotlinking
Newcomers unaware of image theft often fail to notice that webmasters of other websites are not only stealing their images but also their bandwidth. There are two things you can do about it. First, watermark all the images you upload for use on your blog. Second, use the directive given below to stop hotlinking of your images.
#Disable hotlinking of images
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?yourdomain\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/thief.jpg [L]
Redirect visitors to custom error pages
At times, a visitor may land on your blog through a broken link. In such a situation, your web server returns a 404 page to the visitor. Similarly, there are several other kinds of error pages that may be served to the visitor in different circumstances. Configure your own custom error page for each of these conditions so that visitors can choose some other location on your blog.
#Divert traffic to custom error pages
ErrorDocument 400 /400.php
ErrorDocument 401 /401.php
ErrorDocument 403 /403.php
ErrorDocument 404 /404.php
ErrorDocument 500 /500.php
Stop spam comments
This is a simple yet effective technique against spam comments left by bots that send no referrer. Although you can also use the Akismet plugin to fight spam effectively, this .htaccess directive adds an extra anti-spam layer on your blog. It blocks a good number of spam comments that arrive with no referrer or no user agent, which this check easily identifies.
#Stop spam comments from bots
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} \.wp-comments-post\.php
RewriteCond %{HTTP_REFERER} !yourdomain.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]
Redirect default WordPress feed to Feedburner
Almost every WordPress blogger uses Feedburner to provide feed subscription options to visitors. If somebody subscribes through the default WordPress feed, they will not be counted as a subscriber in your Feedburner dashboard. This way you can lose count of a large number of subscribers who subscribe through the default WordPress RSS feed.
#Redirecting default RSS feed to Feedburner
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} !FeedBurner [NC]
RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC]
RewriteRule ^feed/?([_0-9a-z-]+)?/?$ http://feeds.feedburner.com/feedname [R=302,NC,L]
Restrict uploading of large files
If you are running a multi-author blog or a membership site powered by WordPress, consider putting a check on media file upload sizes. Sometimes abusive users upload large media files that eat up your bandwidth. To avoid this, put a limit on the maximum file size that can be uploaded to your blog.
#Prevent uploading of files larger than 10 MB
LimitRequestBody 10240000
Note: You must replace yourdomain.com mentioned in the directives with the actual domain name of your blog.
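As an added example (not part of the original article), here is a small Python auditor that checks a .htaccess file for the hardening directives covered above and flags RewriteCond host patterns with unescaped dots; the two sample configurations are constructed for the demonstration.

```python
import re

# Constructed sample .htaccess texts (not from any real site). The weak one
# omits several hardening directives and uses an unescaped host pattern.
STRONG_HTACCESS = """
Options All -Indexes
ServerSignature Off
LimitRequestBody 10240000
<files wp-config.php>
order allow,deny
deny from all
</files>
<files ~ "^.*\\.([Hh][Tt][Aa])">
order allow,deny
deny from all
</files>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\\.yourdomain\\.com [NC]
RewriteRule ^(.*)$ http://yourdomain.com/$1 [L,R=301]
"""

WEAK_HTACCESS = """
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.yourdomain.com [NC]
RewriteRule ^(.*)$ http://yourdomain.com/$1 [L,R=301]
<files wp-config.php>
order allow,deny
deny from all
</files>
"""

def _denied_files(text):
    """Targets of <files ...> blocks whose body contains 'deny from all'."""
    blocks = re.findall(r"<files\s+(.+?)>\s*(.*?)</files>", text, re.I | re.S)
    return {t.strip() for t, body in blocks if re.search(r"deny\s+from\s+all", body, re.I)}

def audit_htaccess(text):
    """Return sorted findings for the hardening items discussed on this page."""
    findings = []
    if not re.search(r"^\s*Options\b.*-Indexes", text, re.M | re.I):
        findings.append("directory listing not disabled (Options -Indexes)")
    if not re.search(r"^\s*ServerSignature\s+Off", text, re.M | re.I):
        findings.append("ServerSignature not turned off")
    if not re.search(r"^\s*LimitRequestBody\s+\d+", text, re.M | re.I):
        findings.append("no LimitRequestBody upload cap")
    denied = _denied_files(text)
    if "wp-config.php" not in denied:
        findings.append("wp-config.php not denied")
    if not any("[Hh][Tt][Aa]" in t or ".ht" in t for t in denied):
        findings.append(".htaccess not denied")
    # An unescaped '.' in the host regex matches any character, not just a dot.
    for m in re.finditer(r"^\s*RewriteCond\s+%\{HTTP_HOST\}\s+(\S+)", text, re.M):
        if re.search(r"(?<!\\)\.", m.group(1)):
            findings.append("unescaped dot in HTTP_HOST pattern: " + m.group(1))
    return sorted(findings)
```

Run `audit_htaccess()` on your own .htaccess text to see which of the page's measures are still missing.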