full htaccess file for wordpress developers | password request, redirect, specific files protection, no directory browsing, prevent php execution, mod_cache, mod_mime, etag, mod_expires, mod_deflate, gzip
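# Change [/home/public_html/yourwebsite/] to your absolute path.
# Create a .htpasswd file with your own user and password, for example:
#   htpasswd -c -B /home/public_html/yourwebsite/.htpasswd yourname
# (-c creates the file, -B selects bcrypt and needs Apache 2.4.4 or later.)
# Sample entry only: guest:/ls2opk3b1puY >> login: guest | pw: guest
# That entry is published together with this file, so it protects nothing;
# never deploy it.
# Keep .htpasswd outside the web root where the host allows it, and serve the
# site over HTTPS: Basic auth sends the password with every request, merely
# base64-encoded.
AuthUserFile /home/public_html/yourwebsite/.htpasswd
AuthName "Type Password"
AuthType Basic
Require valid-user
<IfModule mod_rewrite.c>
RewriteEngine On
# Add your IP below. The dots are escaped and the pattern is anchored at both
# ends, so only that exact address matches.
# NOTE(review): behind a reverse proxy or CDN, REMOTE_ADDR is the proxy's
# address unless the server restores the client IP; confirm before relying on it.
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
# Redirect to Google if the IP doesn't match.
# 302 instead of 301: browsers cache a permanent redirect, so anyone who hit
# the gate once (including you, after an IP change) could stay redirected even
# after this rule is removed.
RewriteRule (.*) http://google.com/ [R=302,L]
</IfModule>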
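# Block access to WordPress specific files.
# <FilesMatch> tests the file's base name, so this applies in every directory
# this .htaccess covers. One anchored pattern replaces five identical sections.
<FilesMatch "^(\.htaccess|readme\.html|readme\.txt|install\.php|wp-config\.php)$">
# Apache 2.4 replaced Order/Deny with Require. The old directives are accepted
# there only when mod_access_compat is loaded; without it the unknown directive
# makes the server answer 500 for the whole directory. Pick the syntax by which
# authorization module is present.
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</FilesMatch>
# No automatic directory listing when a folder has no index file.
Options -Indexes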
<IfModule mod_rewrite.c>
RewriteEngine On
# Protect wp-includes
# Forbid (403) direct requests under wp-admin/includes/.
RewriteRule ^wp-admin/includes/ - [F]
# For any path that is not under wp-includes/, skip the next three rules.
# The skip count is positional: adding or removing a rule below without
# adjusting S=3 silently changes which rules are skipped.
RewriteRule !^wp-includes/ - [S=3]
# Forbid PHP files directly inside wp-includes/, except ms-files.php.
RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
RewriteRule ^wp-includes/[^/]+\.php$ - [F]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
RewriteRule ^wp-includes/theme-compat/ - [F]
# Prevent php execution in uploads
# The pattern is unanchored at the end and the dot before "php" is unescaped,
# so it refuses any path under .../uploads/ that contains "php" preceded by one
# character; that can also catch harmless file names. The rule only refuses the
# request, it does not unmap the PHP handler for that directory.
# NOTE(review): other script extensions the server may execute are not covered;
# confirm which handlers are enabled for the uploads directory.
RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]
# Block suspicious URIs
# The conditions flagged [OR] form one group: the request is refused when any of
# them matches AND every condition after the group also holds.
# QUERY_STRING is compared as the client sent it (not URL-decoded), so only the
# encoded forms spelled out in a pattern are recognised. Treat this list as
# noise reduction in front of the application, not as input validation.
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
# RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(&#x22;|&#x27;|&#x3C;|&#x3E;|&#x5C;|&#x7B;|&#x7C;).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
# The next two conditions match plain words anywhere in the query string.
# Words such as "union", "insert" or "request" also occur in ordinary queries
# (a site search, for example), so expect some false positives.
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
# Exemptions: the block is skipped for these WordPress query strings, for any
# request whose Cookie header contains wordpress_logged_in_, and for requests
# with a maps.googleapis.com Referer. Cookie and Referer are set by the client,
# so these lines reduce false positives for real users but do not prove that
# the requester is logged in.
RewriteCond %{QUERY_STRING} !^loggedout=true
RewriteCond %{QUERY_STRING} !^action=jetpack-sso
RewriteCond %{QUERY_STRING} !^action=rp
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com(.*)$
RewriteRule ^(.*)$ - [F]
</IfModule>
# WordPress front controller: a request that is neither an existing file nor an
# existing directory is handed to /index.php.
# NOTE(review): WordPress normally regenerates the text between the BEGIN/END
# markers, so hand edits inside them are likely to be overwritten; confirm.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# In-memory response cache for the whole site ("/"); only active when both
# mod_cache and mod_mem_cache are loaded.
# NOTE(review): mod_mem_cache is not shipped with Apache 2.4, so this section is
# presumably inert there, and the MCache* directives may not be permitted in
# .htaccess at all; confirm against the server's documentation.
# NOTE(review): this file also puts the site behind Basic auth; check how the
# cache treats authenticated responses before enabling it.
<IfModule mod_cache.c>
<IfModule mod_mem_cache.c>
CacheEnable mem /
MCacheSize 4096
MCacheMaxObjectCount 100
MCacheMinObjectSize 1
MCacheMaxObjectSize 2048
</IfModule>
</IfModule>
<IfModule mod_mime.c>
# Content types by file extension, grouped by kind.
# Fonts
AddType application/font-woff woff
AddType application/vnd.ms-fontobject eot
AddType application/x-font-ttf ttc ttf
AddType font/opentype otf
# SVG; .svgz is additionally declared gzip-encoded (needed for SVGZ fonts on iPad)
# NOTE(review): SVG can carry script; if visitors can upload .svg files,
# serving them as image/svg+xml deserves a separate review.
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
# Scripts and structured data
AddType application/javascript js jsonp
AddType application/json json
AddType application/xml atom rdf rss xml
# Sound
AddType audio/mp4 m4a f4a f4b
AddType audio/ogg oga ogg
# Moving pictures
AddType video/mp4 mp4 m4v f4v f4p
AddType video/ogg ogv
AddType video/webm webm
AddType video/x-flv flv
# Still images
AddType image/webp webp
AddType image/x-icon ico
# Browser extensions, plugins and app manifests
AddType application/octet-stream safariextz
AddType application/x-chrome-extension crx
AddType application/x-opera-extension oex
AddType application/x-shockwave-flash swf
AddType application/x-web-app-manifest+json webapp
AddType application/x-xpinstall xpi
AddType text/cache-manifest appcache manifest
# Miscellaneous text formats
AddType text/vtt vtt
AddType text/x-component htc
AddType text/x-vcard vcf
</IfModule>
# Use either Cache-Control or mod_expires; having both active is redundant
# <IfModule mod_headers.c>
# Header unset ETag
# <filesMatch "\.(ico|jpg|png|gif|swf)$">
# Header set Cache-Control "max-age=604800, public"
# </filesMatch>
# <filesMatch "\.(css)$">
# Header set Cache-Control "max-age=60480, public"
# </filesMatch>
# <filesMatch "\.(js)$">
# Header set Cache-Control "max-age=21600, private"
# </filesMatch>
# <filesMatch "\.(x?html?|php)$">
# Header set Cache-Control "max-age=600, private, must-revalidate"
# </filesMatch>
# </IfModule>
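# Do not emit ETag headers for files served from this directory.
FileETag None
# Freshness lifetimes per content type. "access" counts from the time of the
# request. The image/gif, image/jpeg and image/png lines that were listed twice
# with the same value are now listed once.
<IfModule mod_expires.c>
ExpiresActive on
# Fallback for every type not listed below
ExpiresDefault "access plus 2 days"
# Images and other media
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType audio/ogg "access plus 1 month"
ExpiresByType video/mp4 "access plus 1 month"
ExpiresByType video/ogg "access plus 1 month"
ExpiresByType video/webm "access plus 1 month"
# CSS
ExpiresByType text/css "access plus 1 week"
# Data interchange
ExpiresByType application/json "access plus 30 seconds"
ExpiresByType application/xml "access plus 30 seconds"
ExpiresByType text/xml "access plus 30 seconds"
# Favicon
ExpiresByType image/x-icon "access plus 1 year"
# HTML components (HTCs)
ExpiresByType text/x-component "access plus 1 month"
# HTML
ExpiresByType text/html "access plus 120 seconds"
# JavaScript
ExpiresByType application/javascript "access plus 1 week"
ExpiresByType text/x-javascript "access plus 1 week"
# Manifest files
ExpiresByType application/x-web-app-manifest+json "access plus 60 seconds"
ExpiresByType text/cache-manifest "access plus 60 seconds"
# Web feeds
# NOTE(review): the mod_mime section of this file maps the atom and rss
# extensions to application/xml, so static feed files may never carry these two
# types and would get the 30-second application/xml lifetime instead; confirm.
ExpiresByType application/atom+xml "access plus 1 hour"
ExpiresByType application/rss+xml "access plus 1 hour"
# Web fonts
ExpiresByType application/font-woff "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
ExpiresByType application/x-font-ttf "access plus 1 month"
ExpiresByType font/opentype "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
</IfModule>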
# Response compression; skipped entirely when mod_deflate is not loaded.
<IfModule mod_deflate.c>
# Insert filter on all content
# With this line every response goes through DEFLATE unless no-gzip is set, so
# the AddOutputFilterByType lines in this section appear redundant.
# NOTE(review): compressing HTML that mixes secrets (CSRF tokens, for example)
# with request-controlled text over TLS is the precondition for compression
# side-channel attacks such as BREACH; confirm whether dynamic pages should be
# excluded.
SetOutputFilter DEFLATE
# Insert filter on selected content types only
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
# The three BrowserMatch lines are order-dependent: the MSIE line clears the
# variables that the two Mozilla/4 lines may have set.
# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Don't compress images
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
# Make sure proxies don't deliver the wrong content
# (left disabled by the author; dont-vary above is only read by this line)
# Header append Vary User-Agent env=!dont-vary
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
</IfModule>
# Limit bandwidth consumption
# Turns on PHP's own zlib output compression; a numeric value is taken as the
# output buffer size.
# NOTE(review): the section applies only when the PHP 5 Apache module
# (mod_php5.c) is loaded; later PHP versions register under a different module
# name, so this is presumably inert there. 16386 may be meant as 16384; confirm.
<IfModule mod_php5.c>
php_value zlib.output_compression 16386
</IfModule>
##################
# Redirect 301 / http://leowebdev.com/
# AuthUserFile /home/vida7/public_html/wp/.htpasswd
# AuthName "Type Password"
# AuthType Basic
# Require valid-user
# <IfModule mod_rewrite.c>
# RewriteEngine On
# RewriteCond %{SERVER_PORT} 80
# RewriteRule ^(.*)$ https://newlifeus.com/$1 [R,L]
# </IfModule>
# NOTE(review): this repeats the BEGIN/END WordPress section that appears
# earlier in the file. Everything after the "##################" divider looks
# like a second .htaccess pasted below the first; confirm and keep one copy.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# FileETag none
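# compress text, html, javascript, css, xml:
# All directives sit inside <IfModule> so that a server without mod_deflate
# ignores the section instead of rejecting the whole .htaccess with a 500.
# The guarded and unguarded lists are merged here into one list.
# NOTE(review): on Apache 2.4 AddOutputFilterByType also needs mod_filter;
# confirm it is loaded.
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
# text/text is kept from the original guarded list
AddOutputFilterByType DEFLATE text/text
</IfModule>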
# Compression settings for mod_gzip; ignored unless that module is loaded.
# NOTE(review): mod_gzip is a third-party module from the Apache 1.3 era, so on
# servers that use mod_deflate this section is presumably inert; confirm.
<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
# The leading dot in this pattern is unescaped, so it matches any character
# followed by one of the listed extensions at the end of the name.
mod_gzip_item_include file .(html?|txt|css|scss|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
# Images and responses that are already gzip-encoded are left alone.
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>
# Second set of freshness lifetimes. It overlaps with the mod_expires section
# earlier in this file and uses different values (default of 1 month here,
# 2 days there).
# NOTE(review): which value wins for a type listed in both sections depends on
# how the server merges them; confirm, or keep a single section.
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType text/plain "access plus 1 month"
ExpiresByType text/css "access plus 7 month"
ExpiresByType application/javascript "access plus 1 year"
ExpiresByType application/x-javascript "access plus 1 year"
# The mod_mime section of this file maps .ico to image/x-icon, so the two icon
# types below presumably never match; verify.
ExpiresByType application/x-icon "access plus 1 year"
ExpiresByType image/x-ico "access plus 1 year"
</IfModule>
# BEGIN Cache-Control Headers (2months)
# One pattern covers images, stylesheets and scripts, which all receive the
# same header. 5184000 seconds is 60 days.
# NOTE(review): "public" allows shared caches to store a response even when the
# request carried an Authorization header. This file also configures Basic
# auth, so confirm these assets are meant to be cacheable by intermediaries.
<IfModule mod_headers.c>
<FilesMatch "\.(jpg|jpeg|png|gif|css|js)$">
Header set Cache-Control "max-age=5184000, public"
</FilesMatch>
</IfModule>
# END Cache-Control Headers
# Redirect 301 /contacts/ https://newlifeus.com/contacts/
# Redirect 301 /sobre-nos/ https://newlifeus.com/quem-somos/
# Redirect 301 /nl-news/ https://newlifeus.com/category/news/
# Redirect 301 /m-media/ https://newlifeus.com/media-app/
# Redirect 301 /contacts/ https://newlifeus.com/contacts/
# Redirect 301 https://cpnv.org https://newlifeus.com
# Redirect 301 http://cpnv.org https://newlifeus.com
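# Permanent redirects from legacy paths to the current site.
# Every pattern is a prefix match and the captured tail is discarded, so any
# URL that merely starts with one of these prefixes lands on the fixed target
# (^/news also matches /newsletter, for example).
# All targets use https: the three rules that pointed at http://newlifeus.com
# sent visitors to plaintext HTTP, unlike every other redirect in this file.
RedirectMatch 301 ^/wp/(.*)$ https://newlifeus.com/
RedirectMatch 301 ^/category/itemlist/(.*)$ https://newlifeus.com/category/midia/
RedirectMatch 301 ^/medias/mensagens(.*)$ https://newlifeus.com/category/midia/
RedirectMatch 301 ^/midia(.*)$ https://newlifeus.com/category/midia/
RedirectMatch 301 ^/news(.*)$ https://newlifeus.com/category/news/
RedirectMatch 301 ^/contacts(.*)$ https://newlifeus.com/contact/
RedirectMatch 301 ^/sobre-nos(.*)$ https://newlifeus.com/quem-somos/
RedirectMatch 301 ^/nl-news(.*)$ https://newlifeus.com/category/news/
# Already covered by the ^/midia rule above (same target); kept for reference.
RedirectMatch 301 ^/midia2(.*)$ https://newlifeus.com/category/midia/
RedirectMatch 301 ^/template(.*)$ https://newlifeus.com/
RedirectMatch 301 ^/component(.*)$ https://newlifeus.com/
RedirectMatch 301 ^/give(.*)$ https://newlifeus.com/ofertas/
RedirectMatch 301 ^/doacao-2(.*)$ https://newlifeus.com/ofertas/
RedirectMatch 301 ^/cdn-cgi(.*)$ https://newlifeus.com/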