One place for hosting & domains

      WordPress

      How to Use GitHub for WordPress Development


      If you’ve spent much time reading up on WordPress, chances are you’ve heard about GitHub. It’s one of the most popular platforms for developers to host their projects and collaborate with others. Maybe you’ve even considered trying it out yourself but don’t know where to start.

      The time has come to familiarize yourself with this invaluable WordPress resource. GitHub is an excellent platform for tracking, managing, and collaborating on development projects, so it’s well worth learning how to use. It enables you to host projects online and use the powerful version control of Git to keep track of every change.

      An Introduction to GitHub

      GitHub may look overwhelming if you’re a newcomer, but at its core, it’s actually pretty simple. In essence, GitHub is a free hosting service specifically designed for developers. Its primary use is to host projects for sharing and collaboration, making them available so that other users can contribute to and download them:

      The Github WordPress repository

      As the name implies, GitHub is built around the functionality of Git. This is a version control system that tracks all changes made to a project. What makes this system so powerful is how comprehensive it is. Since Git keeps track of every file and change in your project, it enables you to revert quickly to any previous version.

      Git also lets developers create ‘branches’, which are copies of a project that you can work on independently. Creating branches gives you the opportunity to make and test changes without affecting the whole project. You can then ‘merge’ your changes into the main branch if you want or simply discard them.

      These features are key to understanding why Git and GitHub are so invaluable to developers. You don’t have to worry about causing irreparable damage to a project, for example, since you can always create branches and roll back all revisions.

      Plus, it’s easy to collaborate on a project with a potentially unlimited number of users. In fact, this is exactly how WordPress itself is developed these days.

      Getting Started with GitHub

      Before you can start using GitHub, you’ll need a system for using Git and GitHub together. First of all, you’ll need to download and install Git on your local machine. You’ll be using it to perform crucial GitHub related-tasks, such as transferring files between your computer and your GitHub repository.

      GitHub is only the host for the project, so all the actual development happens on your local machine. Git then uses ‘repositories’ to store each project.

      This might sound confusing, in theory, so let’s look at a typical workflow:

        1. You have a project hosted in a repository on GitHub.
        2. You create a local repository and use Git to ‘pull’ in the latest version of the project from GitHub.
        3. You can now work on the project on your local computer. When you have made changes, you can ‘push’ them back into the GitHub repository.

      How you decide to structure your specific workflow depends on your preferences and the project’s requirements. The important thing is that your process works smoothly for you, your project, and your collaborators.

      Finally, to get the most out of Git, you’ll want to use the command line. Git is most commonly used through Secure Shell (SSH), which features a command line interface. If you don’t already know how to use the command line, we recommend that you familiarize yourself with the process before getting started.

      How to Use GitHub for WordPress Development (In 7 Steps)

      Now, it’s time for you to try out GitHub development for yourself! In this example, you’ll be creating a GitHub project for developing a WordPress theme. We’ll show you how to create a GitHub account and two repositories before showing you how to transfer your theme back and forth between them.

      Step 1: Create a Local WordPress Environment

      When you’re developing WordPress, it’s important to always use a staging environment. This gives you the freedom to try new things without worrying about how they will affect your live site.

      In this case, you’re going to create a local staging environment by installing WordPress on your computer. You can do this in a few different ways, but we recommend using Local, which enables you to quickly create a local version of WordPress for free:

      The Local homepage

      Simply select your platform and download the free version of Local. Then you’ll just need to run the installer.

      The installer will take a moment to work. After it’s completed, you can create and configure a new local WordPress site, following the instructions in this guide.

      Step 2: Install Git on Your Local Machine

      It’s now time to install Git. If you are running a recent version of Mac OS, you might find that Git is already on your machine. You can check this by opening your command line interface, such as Terminal, and entering the following command:

      git --version

      If Git is installed, this function will return its version number. If not, you will instead be asked if you want to install it right away. You can also download the installer and run it manually for Mac, Linux, and Windows computers.

      If you’re not comfortable with the command line interface, you might want to consider downloading a Git GUI application instead. However, for this example, we’re going to use the standard command line method. Either way, once Git is installed, you’re ready to create a local repository.

      Get Content Delivered Straight to Your Inbox

      Subscribe to our blog and receive great content just like this delivered straight to your inbox.

      Step 3: Create a Local Repository for Your Project

      You can now create a local Git repository for your project. In this example, we’ll use the Twenty Twenty-One theme, which should already be included in your local WordPress installation.

      First, you’ll need to access the theme’s folder using the following command:

      cd /Users/you/Documents/Websites/website/wp-content/themes/twentytwentyone

      Make sure to change this file path so that it leads to the right directory by replacing you and website with the correct folder names. You can now initialize this directory as a repository with the following command:

      git init

      Next, you’ll need to add your files to the index. This process tells Git which files you have added or edited since the last time you performed a commit (in other words, saved your changes).

      Since this is the first commit, you can use the following command to add every file in the folder:

      git add

      You can now commit your changes. The following command will commit all files in the index and include a message to help you keep your versions organized:

      git commit -m "The first commit"

      You have now finished configuring your local repository! That means it’s time to turn your attention towards GitHub.

      Step 4: Register a GitHub Account

      At this point, you’ll want to create a GitHub account. Start by accessing the GitHub homepage and filling in the registration form:

      The signup form for Github

      The interactive signup form will prompt you to enter a password and username and confirm your email address. Then, you’ll be asked to choose how many team members will be working with you and whether you’re a student or a teacher:

      Signing up for GitHub

      After that, you’ll be asked which features you’re interested in using. We recommend selecting Collaborative coding at a minimum:

      The GitHub signup process

      Now you can choose the free plan by clicking on Continue for free:

      Selecting the GitHub free plan

      You’ll then be taken directly to your GitHub dashboard. If you want to know more about the basics of using GitHub, we recommend taking some time to read the aforementioned guide. For now, however, we’re going to create a repository.

      Step 5: Create a Repository on GitHub

      You’re finally ready to create the GitHub repository for your project. This is a fairly simple process and only requires you to configure a few settings. Let’s start from the top.

      To get started, click on Create repository in your dashboard:

      Create a new repository with GitHub

      First, you can select the repository’s owner, which is effectively the admin for the repository. This should already be set to yourself, so you can leave it as-is:

      Next, you’ll need to give your repository a descriptive and concise name. You may want to name it after the plugin, theme, or other project you’ll be working on.

      After that, you can enter a description of the project. Again, this should be specific and descriptive so that other developers and users can understand what it is you’re creating.

      Since you signed up for a free account, you will only be able to create a public repository (although that’s all you’ll need right now). You’ll also be given the option to immediately clone the repository to your computer using a README file. Since you already have a local repository in place, you shouldn’t select this option now. However, it can be a handy tool for future projects.

      Finally, you’ll see two drop-down menus at the bottom of this screen. The first enables you to select a gitignore option if you want Git to ignore certain files from being tracked.

      The second option lets you choose a license for your repository. When you’re creating a real project, it’s important that you carefully consider what license to use. WordPress has very specific rules about licenses, which you’ll need to be aware of when developing for the platform.

      For now, you can simply choose None from that menu and then click on Create repository to finish setting things up:

      This will take you to your new project, which means it’s time to add your theme.

      Step 6: Commit Your Project to GitHub

      You can now push your theme to GitHub. Enter the following command into Git, making sure to replace the URL with a link to the repository you just set up:

      git remote add origin https://github.com/yourusername/my-git-theme.git
      
      git push -u origin master

      You will then be prompted to enter your GitHub username, followed by your password. When you have done that, all the files you have committed to your local repository will be pushed to your GitHub project:

      If you return to your GitHub repository, you will see that all files have been added to it.

      Step 7: Fetch Updates from GitHub to Your Local Repository

      You now have two repositories set up, and you know how to push changes from your local machine to the GitHub project. The final step is to flip this process and learn how to pull data from GitHub to your local installation.

      If you’re working alone on a project, you’ll rarely need to worry about doing this. However, it becomes necessary if other developers are pushing their changes into the external repository as well.

      You can do this easily by using the fetch command. Simply enter this command into Git, replacing the URL with the correct one for your GitHub project:

      git fetch https://github.com/yourusername/my-git-theme.git

      This command will pull all changes from GitHub and copy them over. Your local repository will now be synced up with your GitHub repository.

      With that done, you have successfully created a new GitHub project for a WordPress theme! At this point, feel free to continue experimenting with these tools to see what you can accomplish.

      Get Started With WordPress Development Using GitHub

      Using GitHub for WordPress development grants you absolute power over every aspect of your projects. By using Git’s powerful version control features, you’ll get access to each change, enabling you to easily revert to earlier versions of your files. Git and GitHub also make it easy for multiple developers to collaborate on the same project.

      To start using GitHub for WordPress development, you’ll simply need to create a local WordPress environment, install Git, and sign up for GitHub. Then, you can create a local repository for your project and make a GitHub repository. Finally, you’ll need to commit your project to GitHub and fetch updates to your local repository.

      Are you looking for a WordPress hosting provider with developer-friendly features? At Dreamhost, we offer advanced features like SFTP, SSH access, easy access to the command line, and more. Check out our DreamPress plans for more information!

      Do More with DreamPress

      DreamPress Plus and Pro users get access to Jetpack Professional (and 200+ premium themes) at no added cost!

      Managed WordPress Hosting - DreamPress



      Source link

      99 Time-Saving WordPress Keyboard Shortcuts You Should Know


      It can take a lot of work to design, write, and edit new content for your website. In the process, you may not realize that you’re wasting time by needlessly moving your hand to and from your mouse. By not optimizing the way you use your computer, you likely won’t be as productive as you want to be.

      Fortunately, WordPress supports many keyboard shortcuts. These are specific key combinations that simplify many essential tasks. By learning these shortcuts, you can edit text, adjust formatting, and even moderate comments much more quickly.

      In this post, we’ll discuss why you might consider using WordPress keyboard shortcuts. Then, we’ll list some of the best ways to improve efficiency in your workflow. Let’s get started!

      Why You Should Consider Using WordPress Keyboard Shortcuts

      Whether you’re a beginner or a seasoned developer, working in a WordPress dashboard can be time-intensive. After writing blog posts or designing new pages, you may not have a lot of time to complete other important tasks.

      To help you boost productivity in your workflow, you can start using keyboard shortcuts. Essentially, this involves using key combinations to quickly perform certain actions.

      With keyboard shortcuts, you can avoid moving your hands back and forth from your mouse. Instead, you can simply rest your hands on your keyboard.

      For example, you can use Ctrl + Shift + D in the Block Editor. This combination will quickly and easily duplicate a block:

      WordPress keyboard shortcut

      You might think that learning new shortcuts may be a waste of time. However, it can ultimately help you publish more content in less time.

      The Best Time-Saving WordPress Keyboard Shortcuts

      Now that you know how keyboard shortcuts can benefit your workflow, it’s time to learn some of them! Since there are many options to choose from, you may easily become overwhelmed. However, you can simply pick a few that will best suit the tasks you’re working on.

      WordPress Keyboard Shortcuts for Editing

      As a blogger, one of the most important areas of your WordPress dashboard is the post or page editor. Fortunately, WordPress supports many keyboard shortcuts for the editing process. Whether you’re using the old Classic Editor or the Block Editor, you can use these shortcuts to improve your efficiency.

      Keep in mind that your button combinations will vary depending on your computer’s operating system. For Mac users, you’ll enter Command (⌘) + letter’, while Windows and Linux will use ‘Ctrl + letter’.

      Here are some editing shortcuts for Mac users:

      • Command (⌘) + C = Copy
      • Command (⌘) + V = Paste
      • Command (⌘) + A = Select all
      • Command (⌘) + X = Cut
      • Command (⌘) + Z = Undo
      • Command (⌘) + Y = Redo
      • Command (⌘) + B = Bold
      • Command (⌘) + I = Italic
      • Command (⌘) + U = Underline
      • Command (⌘) + K = Insert/edit link
      • Ctrl + Option (alt ⌥) + L = Align left
      • Ctrl + Option (alt ⌥) + M = Insert image
      • Ctrl + Option (alt ⌥) + O = 1. List

      If you want to do these tasks with a Windows computer, here are the shortcuts you could use:

      • Ctrl + C = Copy
      • Ctrl + V = Paste
      • Ctrl + A = Select all
      • Ctrl + X = Cut
      • Ctrl + Z = Undo
      • Ctrl + Y = Redo
      • Ctrl + B = Bold
      • Ctrl + I = Italic
      • Ctrl + U = Underline
      • Ctrl + K = Insert/edit link
      • Alt + Shift (⇧) + L = Align left
      • Alt + Shift (⇧) + M = Insert image
      • Alt + Shift (⇧) + O = 1. List

      Using any of these shortcuts, you can improve your editing skills and become more efficient:

      Classic editor keyboard shortcuts

      Although we’ve listed some of the best editing shortcuts, they’re by no means the only ones. Make sure to check out the full list in WordPress’s documentation!

      WordPress Keyboard Shortcuts for Managing Comments

      If you accept user comments on your site, you’ll want to find easy ways to navigate them. While you can use keyboard shortcuts to manage comments, this feature won’t be automatically enabled in the default WordPress settings.

      Therefore, you’ll need to go to Users > Profile and check the box next to Enable keyboard shortcuts for comment moderation:

      Enable comment keyboard shortcuts

      After you update these profile settings, you can visit the Comments page. Here, you can press J or K to select the first comment.

      Here’s how you can navigate through your comments:

      • J = Move selection down
      • K = Move selection upwards
      • X = Add a checkmark to a comment

      If you need to perform certain actions, here are some additional comment shortcuts:

      • A = Approve a comment
      • S = Mark as spam
      • D = Move to trash
      • Z = Restore a comment from the trash
      • U = Unapprove a comment
      • R = Reply to comment
      • Q = Quick edit
      • E = Open comment editing screen

      After you select multiple comments, you can use keyboard shortcuts for bulk actions:

      • Shift + X = Add or remove checkmark for all comments
      • Shift + A = Approve checked comments
      • Shift + S = Mark checked comments as spam
      • Shift + D = Delete checked comments
      • Shift + U = Unapprove checked comments
      • Shift + T = Move checked comments to trash
      • Shift + Z = Restore checked comments from trash

      Here’s how some of these shortcuts work in action:

      Comment keyboard shortcuts

      By learning these simple shortcuts, you can more easily manage your website’s comments section. This can benefit sites with a large audience since you’ll have to moderate a large number of replies.

      Get Content Delivered Straight to Your Inbox

      Subscribe to our blog and receive great content just like this delivered straight to your inbox.

      The Best WordPress Keyboard Shortcuts for the Block Editor

      WordPress still supports keyboard shortcuts for its Classic Editor, but chances are you’ve upgraded to the Block Editor. Otherwise known as Gutenberg, this tool enables you to create posts and pages using feature-packed content blocks. With this latest update, WordPress has also created new keyboard shortcuts.

      Global WordPress Keyboard Shortcuts

      It’s important to note that many of the previously mentioned keyboard shortcuts will still work in the Block Editor. However, you can learn Gutenberg-specific shortcuts to easily navigate the new editing interface.

      To make this learning process easier, WordPress has included a list of these shortcuts in the Block Editor. Once you add a new post or page, click on the three-dot icon and select Keyboard Shortcuts:

      Open keyboard shortcuts

      This will display a pop-up window with all the Block Editor shortcuts for your operating system. You can refer to them at any time:

      Gutenberg keyboard shortcuts

      Let’s go over the general options for Gutenberg. If you’re a Windows user, here are some Global shortcuts you can use:

      • Ctrl + Shift + Alt + M = Switch back and forth between the Classic and Block Editors
      • Ctrl + Shift + Alt + F = Toggle fullscreen mode
      • Shift + Alt + O = Open block list view
      • Ctrl + Shift + , = Display or hide settings sidebar
      • Ctrl + ` + Shift + Alt + N = Go to the next part of the editor
      • Ctrl + Shift + ` or Shift + Alt + P = Go to the previous part of the editor
      • Alt + F10 = Go to the nearest toolbar
      • Ctrl + S = Save changes
      • Ctrl + Z = Undo changes
      • Ctrl + Shift + Z = Redo an undo

      Here are the Mac versions of these Gutenberg shortcuts:

      • ⇧ + ⌥ + ⌘ + M = Switch back and forth between the Classic and Block Editors
      • ⇧ + ⌥ + ⌘ + F = Toggle fullscreen mode
      • ⌃ + ⌥ + O = Open block list view
      • ⇧ + ⌘ + , = Display or hide settings sidebar
      • ⌃ + ` or ⌃ + ⌥ + N = Go to the next part of the editor
      • ⌃ + ⇧ + ` or ⌃ + ⌥ + P = Go to the previous part of the editor
      • ⌥ + F10 = Go to the nearest toolbar
      • ⌘ + S = Save changes
      • ⌘ + Z = Undo changes
      • ⇧ + ⌘ + Z = Redo an undo

      For example, we used some Global shortcuts to open the sidebar, undo changes, and save the article draft:

      Global keyboard shortcuts

      As you can see, keyboard shortcuts can speed up your workflow if you use them properly!

      WordPress Keyboard Shortcuts for Selection

      In the Block Editor, you can also use shortcuts to select specific text or blocks. This way, you won’t have to use your trackpad or mouse to highlight the right content.

      With a Windows or Linux operating system, you can use these selection shortcuts:

      • Ctrl + A = Select all text or blocks
      • Escape = Clear selection
      • Double escape = Unselect the selected blocks

      Alternatively, Mac users will have these options:

      • ⌘ + A = Select all text or blocks
      • Escape = Clear selection

      These may not seem like the most useful shortcuts, but they can play an important role in the editing process. Without needing to move your hands away from the keyboard, you can select the text, then proceed to delete it or edit its formatting:

      Selection keyboard shortcuts

      Once you’ve memorized these simple selection shortcuts, you can start learning more complex ones!

      WordPress Keyboard Shortcuts to Manage Blocks

      Next, let’s discuss some different ways you can manage blocks with keyboard shortcuts. These enable you to easily duplicate blocks, move them, or remove them altogether.

      Here are all the block shortcuts for Windows:

      • Ctrl + Shift + D = Duplicate selected block
      • Double escape = Unselect selected blocks
      • Shift + Alt + Z = Remove selected blocks
      • Ctrl + Alt + T = Insert new block before selected block
      • Ctrl + Alt + Y = Insert new block after selected block
      • Del / backspace = Delete multiple selected blocks
      • Ctrl + Shift + Alt + T = Move selected block up
      • Ctrl + Shift + Alt + Y = Move selected block down
      • / = Change block type after adding a new paragraph

      For Mac users, here’s what you would use instead:

      • ⇧ + ⌘ + D = Duplicate selected block
      • Double escape = Unselect selected blocks
      • ⌃ + ⌥ + Z = Remove selected blocks
      • ⌥ + ⌘ + T = Insert new block before selected block
      • ⌥ + ⌘ + Y = Insert new block after selected block
      • Del / backspace = Delete multiple selected blocks
      • ⇧ + ⌥ + ⌘ + T = Move selected block up
      • ⇧ + ⌥ + ⌘ + Y = Move selected block down
      • / = Change block type after adding a new paragraph

      These shortcuts may seem complicated, but over time they’ll become muscle memory. Eventually, you’ll be able to edit blocks very quickly:

      Block editor shortcuts

      If you’ve ever been frustrated with having to scroll through all the available blocks before you find the right one, you should consider using block keyboard shortcuts. These can help you add the right layout without sacrificing valuable time!

      WordPress Keyboard Shortcuts to Edit Text Formatting

      You can also use keyboard shortcuts to edit text. For instance, you might bold, italicize, or underline certain words. You can also use them to add or remove links.

      Here are all the text formatting shortcuts for Windows users:

      • Ctrl + B = Bold text
      • Ctrl + I = Italicize text
      • Ctrl + U = Underline text
      • Ctrl + K = Convert text into a link
      • [[ = Add a link
      • Ctrl + Shift + K = Remove a link

      If you have a Mac, you’ll need to use these keyboard shortcuts:

      • ⌘ + B = Bold text
      • ⌘ + I = Italicize text
      • ⌘ + U = Underline text
      • ⌘ + K = Convert text into a link
      • [[ = Add a link
      • ⇧ + ⌘ + K = Remove a link

      To use these shortcuts, you’ll simply need to have some text already selected. Then, you can make your edits:

      Text keyboard shortcuts

      Although it’s already fairly easy to stylize text in WordPress, learning these keyboard shortcuts can speed up your workflow!

      Maximize WordPress Productivity

      At first, you may find it difficult to memorize keyboard shortcuts in WordPress. However, shortcuts can simplify your workflow and boost productivity once you start using them frequently.

      Whether you’re using a Windows or macOS operating system, you can learn specific keyboard shortcuts to make your WordPress dashboard easier to use. For example, you can use them to duplicate blocks, format text, manage comments, and more.

      Since WordPress offers many easy-to-use keyboard shortcuts, you may want to consider migrating your website to this platform. Fortunately, our DreamPress managed hosting plans include free automatic migrations to ease this transition!

      Do More with DreamPress

      DreamPress Plus and Pro users get access to Jetpack Professional (and 200+ premium themes) at no added cost!

      managed WordPress hosting provider



      Source link

      Beginner’s Guide to the WordPress .htaccess File


      Keeping your site safe should be a top priority for every administrator. WordPress is a secure platform out of the box, but that doesn’t mean it’s impervious to attacks. Fortunately, even if you aren’t a security expert, you can use a file called .htaccess to harden your site’s security policies.

      .htaccess is a configuration file for the Apache web server, which serves many WordPress sites. It’s a powerful tool that helps safeguard your site and boost its performance through some minor tweaks to its code. By editing this file, you can ban users, create redirects, prevent attacks, and even deny access to specific parts of your site.

      An Introduction to the .htaccess File

      .htaccess is short for “HyperText Access.” It’s a configuration file that determines how Apache-based servers interact with your site. In simpler terms, .htaccess controls how files in a directory can be accessed. You can think of it as a guard for your site because it decides who to let in and what they’re allowed to do.

      By default, an .htaccess file is typically included in your WordPress installation. The main purpose of this file is to improve security and performance. Plus, it also enables you to override your web server’s settings.

      You’ll most likely find your .htaccess file in your site’s root directory. Since .htaccess applies to both its own directory and any subdirectories within that main folder, it impacts your entire WordPress site.

      It’s also worth noting that the .htaccess file does not have a file extension. The period at the start simply makes sure the file remains hidden.

      How to Edit Your WordPress .htaccess File

      Editing the .htaccess file is, in practice, as simple as editing any other text file. However, because this is a core file, making changes to it can have unintended consequences.

      For this reason, it’s vitally important that you back up your site before you begin, regardless of whether you’re a beginner or an experienced developer.

      When you’re ready to edit your .htaccess file, you can access it using Secure File Transfer Protocol (SFTP) or Secure Shell (SSH). You will find .htaccess in your site’s root directory:

      WordPress .htaccess file

      Open the file using your preferred text editor, such as TextEdit or Notepad. If the file hasn’t been edited before, you’ll see the following default information:

      WordPress .htaccess file

      It’s important not to add or change anything between the # BEGIN and # END tags. Instead, all new code should be added after this block.

      At this point, all you need to do is add your code and save the file. When you’re including multiple new functions, it’s best to save and test each one separately. If an error occurs, this will make it much easier to troubleshoot which change caused the problem.

      While almost all WordPress installations will already contain an .htaccess file, in some cases, you may need to create one. You can do this using a text editor of your choice, as long as you save it with the right file name: .htaccess with no extension.

      It’s also important to configure the file’s permission settings correctly. You can then upload .htaccess to your site’s root directory.

      9 Things You Can Do With Your WordPress .htaccess File

      Now that you’re familiar with the .htaccess file, it’s time to get up close and personal. We’re going to introduce a number of ways you can easily boost your site’s security and performance by editing this file.

      Simply use the code snippets we’ve provided below, and remember to create a backup before you start!

      1. Deny Access to Parts of Your Site

      One of the most useful things you can do with .htaccess is deny access to certain pages and files. There are a few files you should consider hiding in this way for security reasons, such as your wp-config.php file.

      You can do this by adding the following code, which will cause a 404 error to appear if anybody attempts to view the file:

      <Files ~ "/wp-config.php">
      Order Allow,Deny
      Deny from All
      </Files>

      In cases where sensitive data should be hidden, it can be useful to restrict access to the corresponding directory. Since many WordPress sites use the same folder structure, this setup can leave your site vulnerable. If you add the following line, it will disable the default directory listing functionality:

      Options -Indexes

      This will stop users and robots from viewing your folder structure. If anybody tries to access it, they’ll be shown a 403 error page instead.

      2. Redirect and Rewrite URLs

      Creating redirects enables you to automatically send users to a specific page. Redirects can be particularly useful if a page has moved or been deleted, and you want users who attempt to access that page to be taken somewhere else.

      You can accomplish this with a plugin such as Redirection, but it’s also possible to do it by editing the .htaccess file. To create a redirect, use the following code:

      Redirect /oldfile.html http://www.example.com/newfile.html

      You can probably see what’s going on here. The first part is the path to the old file, while the second part is the URL you want visitors to be redirected to.

      Get Content Delivered Straight to Your Inbox

      Subscribe to our blog and receive great content just like this delivered straight to your inbox.

      3. Force Your Site to Load Securely With HTTPS

      <style>.embed-container { position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden; max-width: 100%; } .embed-container iframe, .embed-container object, .embed-container embed { position: absolute; top: 0; left: 0; width: 100%; height: 100%; }</style><div class=’embed-container’><iframe src=’https://www.youtube.com/embed/QeicRf_Ri3Y’ frameborder=’0′ allowfullscreen></iframe></div>

      If you have added an SSL certificate to your domain, such as DreamHost’s free Let’s Encrypt certificate, it’s a good idea to force your site to load using HTTPS. This will ensure that your site is safer for both you and your visitors.

      You can make it happen by adding the following code:

      RewriteEngine On
      RewriteCond %{HTTPS} !=on
      RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

      Your site will now automatically redirect any HTTP requests and direct them to use HTTPS instead. For example, if a user tries to access http://www.example.com, they will be automatically redirected to https://www.example.com.

      4. Change Caching Settings

      Browser caching is a process where certain website files are temporarily saved on a visitor’s local device to enable pages to load faster. Using .htaccess, you can change the amount of time that your files are stored in the browser cache until they are updated with new versions.

      There are a few different ways to do this, but for this example, we’ll use a function called mod_headers. The following code will change the maximum caching time for all jpg, jpeg, png, and gif files:

      <ifModule mod_headers.c>
      <filesMatch "\\.(jpg|jpeg|png|gif)$">
      Header set Cache-Control "max-age=2592000, public"
      </filesMatch>

      We’ve set the maximum time to 2,592,000 seconds, which equates to 30 days. You can change this amount if you want, as well as the file extensions that will be affected. If you want to add different settings for different extensions, simply add more mod_header functions.

      5. Prevent Certain Script Injection Attacks

      Script injection (or ‘code injection’) attacks attempt to change how a site or application executes by adding invalid code. For example, someone might add a script to a text field on your site and then submit it, which could cause your site to actually run the script.

      You can add the following code to protect against certain types of script injection:

      Options +FollowSymLinks
      RewriteEngine On
      RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
      RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
      RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
      RewriteRule ^(.*)$ index.php [F,L]

      Your site should now be able to detect and stop script injection attempts and redirect the culprit to your index.php page.

      However, it’s important to note that this example will not protect against all types of injection attacks. While this particular code can certainly be useful, you should not use it as your only protection against this type of attack.

      6. Stop Username Enumeration Attacks

      Username enumeration is a process where usernames from your site are harvested by looking at each user’s author page. This is particularly problematic if someone manages to find your admin username, which makes it much easier for bots to gain access to your site.

      You can help prevent username enumeration by adding the following code:

      RewriteCond %{REQUEST_URI} !^/wp-admin [NC]
      RewriteCond %{QUERY_STRING} author=\d
      RewriteRule .* - [R=403,L]

      This will stop certain attempts to enumerate usernames and throw up a 403 error page instead. Bear in mind that this will not prevent all enumeration, and you should test your security thoroughly. We also recommend strengthening your login page further by implementing Multifactor Authentication.

      7. Prevent Image Hotlinking

      Image hotlinking is a common problem that happens when images on your server are being displayed on another site. You can stop this by adding the following code to .htaccess:

      RewriteEngine On
      RewriteCond %{HTTP_REFERER} !^$
      RewriteCond %{HTTP_REFERER} !^https://(www\.)?example.com/.*$ [NC]
      RewriteRule \.(png|gif|jpg|jpeg)$ https://xpresservers.com/wp-content/webpc-passthru.php?src=https://www.example.com/wp-content/uploads/hotlink.gif&nocache=1 [R,L]

      Replace example.com with your own domain, and this code will prevent images from loading on all other sites. Instead, the picture you specify on the last line will load. You can use this to send an alternative image to sites that try to display graphics from your server.

      Beware that this may cause issues when you might want images to appear externally, such as on search engines. You might also consider linking to a script instead of a static image, then respond with a watermarked image or an image containing an ad.

      8. Control Your File Extensions

      By using .htaccess, you can control how files of different extensions are loaded by your site. There’s a lot you can do with this feature, such as running files as PHP, but we’re just going to look at a basic example for now.

      The following code will remove the file extension from PHP files when they’re loaded. You can use this with any file type, as long as you replace all instances of “php” with the extension you want:

      RewriteEngine On
      RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*index\ HTTP/
      RewriteRule ^(.*)index$ http://example.com/$1 [L,R=301]
      RewriteCond %{REQUEST_FILENAME} !-d
      RewriteRule ^([^/]+)/$ http://example.com/$1 [L,R=301]
      RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(.+)\.php\ HTTP/
      RewriteRule ^(.+)\.php$ http://example.com/$1 [L,R=301]
      RewriteRule ^([a-z]+)$ /$1.php [L]

      This will cause all PHP files to load without displaying their extension in the URL. For example, the index.php file will appear as just index.

      9. Force Files to Download

      Finally, when a file is requested on your site, the default behavior is to display it in the browser. For example, if you’re hosting an audio file, it will start to play in the browser rather than being saved to the visitor’s computer.

      You can change this by forcing the site to download the file instead. This can be done with the following code:

      AddType application/octet-stream mp3

      In this example, we’ve used mp3 files, but you can use the same function for txt, mov, or any other relevant extension.

      Improve Your Site’s Security and Performance

      The .htaccess file provides flexibility for controlling how your web server behaves. You can also use it to increase your site’s performance and get more control over exactly who can access what information.

      With .htaccess, you can deny access to particular parts of your website. Additionally, it allows you to redirect URLs, force your site to load over HTTPS, and prevent some script injection attacks.

      Editing your .htaccess file is just one way to improve your site’s security. Choosing a secure WordPress hosting provider is another. Check out our DreamPress managed hosting plans to see how we can boost your website’s security and performance!

      Do More with DreamPress

      DreamPress Plus and Pro users get access to Jetpack Professional (and 200+ premium themes) at no added cost!

      Managed WordPress Hosting - DreamPress



      Source link