Redirect HTTP to HTTPS Using .htaccess

In today’s world, security is of paramount importance when it comes to web applications. One of the simplest ways to enhance your website’s security is by enforcing HTTPS, which stands for Hypertext Transfer Protocol Secure. HTTPS ensures that all communication between your browser and the website are encrypted.

When a user visits your website using an unsecured HTTP connection, we would ideally want to redirect them to the secure HTTPS version. This is where the Apache’s .htaccess file comes into play.

In Apache web servers, the .htaccess (hypertext access) file is a directory-level configuration file that allows for decentralized management of web server configuration. You can use .htaccess to rewrite URLs, password-protect directories, enable/disable additional functionalities, and much more. In this blog post, we’ll focus on how to use .htaccess to redirect all HTTP traffic to HTTPS.

The .htaccess File

The .htaccess file should be located in the root directory of your website. If the file doesn’t already exist, you can create it using a plain text editor. Note that the file has no name and the extension is .htaccess.

Now, let’s dive into the code to achieve this HTTP to HTTPS redirect.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Here’s what each line does:

  1. RewriteEngine On: This line enables the runtime rewriting engine. Essentially, it tells the server to start interpreting the rewrite rules that follow.
  2. RewriteCond %{HTTPS} off: This is a condition that checks if the HTTPS is off for the current request. If it is, the following RewriteRule will be executed.
  3. RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]: This is the rule that will be executed if the preceding condition is met. In essence, it tells the server to redirect all traffic ((.*)) to the same host (%{HTTP_HOST}) and the same requested resource (%{REQUEST_URI}), but over HTTPS. The [R=301,L] flag indicates that it is a permanent redirect (301) and this should be the last rule processed (L).

By incorporating these lines of code into your .htaccess file, you can ensure that all incoming HTTP traffic is seamlessly redirected to HTTPS, hence making your website more secure.

With a little knowledge of how .htaccess works and some simple code, you can significantly improve your website’s security and user trust in a short amount of time.

How to Increase Maximum Upload File Size in WordPress

Edit .htaccess file

php_value upload_max_filesize 128M
php_value post_max_size 128M
php_value memory_limit 256M
php_value max_execution_time 300
php_value max_input_time 300

Or

Edit wp-config.php file

@ini_set( 'upload_max_filesize' , '128M' );
@ini_set( 'post_max_size', '128M');
@ini_set( 'memory_limit', '256M' );
@ini_set( 'max_execution_time', '300' );
@ini_set( 'max_input_time', '300' );

References
https://help.servmask.com/2018/10/27/how-to-increase-maximum-upload-file-size-in-wordpress/

Add Expires Headers to .htaccess File in WordPress

Making sure mod_expires is enabled

sudo a2enmod expires
systemctl restart apache2

Add Expires Headers to .htaccess

To add Expires Headers to your site, you need to edit the .htaccess file.

Simply download the .htaccess file from the root of your host (it may be hidden) and add the code below:

## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 2 days"
</IfModule>
## EXPIRES CACHING ##

References
https://electrictoolbox.com/apache-mod-expires-browser-caching/
https://betterstudio.com/blog/add-expires-headers-htaccess/

Disable Directory Browsing In WordPress

To disable directory browsing in WordPress all you need to do is add a single line of code in your WordPress site’s .htaccess file located in the root directory of your website.
Once connected to your website, you will find a .htaccess file in your site’s root directory. .htaccess is a hidden file, and if you can not find it on your server, you need to make sure that you have enabled your FTP client to show hidden files.
Now at the end of your WordPress generated code in the .htaccess file simply add this line at the bottom:

Options All -Indexes

References
https://bloggingwizard.com/disable-directory-browsing-wordpress/
https://www.wpbeginner.com/wp-tutorials/disable-directory-browsing-wordpress/

Mapping Multiple Domains into Single Instance of WordPress

Approach Taken & Implemented

  • Installed the WordPress into parent domain myjeeva.com
  • Configured various plugins for my blog
  • Pointed second domain myjeeva.mobi into parent domain IP through A record in DNS zone editor
  • Edited wp-config.php for two domain names according while accessing i.e. to reflect Site URL and  Site Home to respectivel

Editing wp-config.php

  • Go to WordPress installed root directory and look for wp-config.php file
  • Place below lines after the table_prefix line; order is very important in wp-config.php
/*
 * Handle multi domain into single instance of wordpress installation
 */
define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST']);
define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST']);
  • Go to wordpress admin page and take a look at Settings -> General. You will have WordPress Address (URL) and Site Address (URL) will be in disabled state.  It means your wordpress installation dynamic enoungh to accomadate both domain address

References
https://myjeeva.com/mapping-multiple-domains-into-single-instance-of-wordpress.html