Useful .htaccess code



All are hand-written by me.

1. Force HTTPS + WWW

RewriteEngine On 
RewriteCond %{HTTP_HOST} ^gulshankumar\.net [NC,OR]
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$$1 [R=301,L]

Best use: When you want to force https+www in one go.
Wrong use: Only in case of HSTS, we shouldn’t force https and www together. Instead use below one.


RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

2. Restrict WordPress Login page for particular Country using Cloudflare

<FilesMatch "wp-login.php">
    RewriteEngine on
    RewriteCond %{HTTP:CF-IPCountry} !^(IN)$
    RewriteRule ^(.*)$ – [R=403,L]

Best usage: For Login Security purpose
In-depth guide: See at my Facebook page

3. Redirect from AMP to non-AMP path

RewriteEngine On
RewriteCond %{REQUEST_URI} (.+)/amp(.*)$
RewriteCond %{REQUEST_URI} !^/wp-content/(.*)$ 
RewriteRule ^ %1/ [R=301,L]

Best usage: When you are sure non of the AMP pages are indexed in Google, still you want to prevent 404 hits for the AMP pages, this snippet is going to be helpful

4. Redirect from one page to another with trailing slash and non-trailing slash, both supported

RedirectMatch 301 /blog/?$
RedirectMatch 301 /forum/?$

Best usage: When you want to redirect from old x to new permalink y location.

5. Block any IP address

order allow,deny
deny from
allow from all

Best usage: If you want to block someone IP.

6. Force HTTPS + non-www in one go

RewriteEngine On 
RewriteCond %{HTTP_HOST} ^www\.gulshankumar\.net [NC]
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$$1 [R=301,L]

Best usage: When you want to keep HTTPS without WWW.

7. Set a custom message in HTTP response

<filesMatch ".(x?html?|php)$">
Header set a-message "Services? Hire me"

Best usage: Promote anything in unique way.

8. Noindex certain file formats

<filesMatch ".(xml|pdf|txt)$">
Header set X-Robots-Tag "noindex, follow"

Best usage: Prevent search engine from indexing any specific file formats.


Wants to add more? Please do share in the reply section. :slight_smile:

How to Fix Mixed Content/Insecure Content Warning in WordPress
Using HTTPS in WordPress without Really Simple SSL Plugin
Migrate WordPress from Cloudways to Vultr with ServerPilot (In 1 hour)

Bookmarked it.


@anon13276939 It’s not required if you just want to restrict login page to country.


How do we check whether both urls are being indexed? With or without trailing slash?


@razor We can use HTTP Header Response Checker :arrow_right:

This one is my favourite way to quickly check for Bulk URLs. :slight_smile:



So i need to insert trailing slash redirection right?


That was not for Homepage. I wrote in another context - that is about permalink.
It’s useful if we do redirect from the old to new path. That moment, we need to take care that with and without slash, redirect is working fine.


@razor This article would be helpful. Slash at hostname doesn’t matter.


Oh. Understood. My site is fine then.


Where to add this code in htaccess…


Top location.


It works from top to bottom, so I would recommend at least must keep before default WordPress rules.


thanks bhaiya :slight_smile:


You’re welcome! :slight_smile:


I see.
Well, some hosting like Cloudways works together with Apache and NGINX, there above rules also suitable. I have tested. :slight_smile:


Added few more .htaccess rules. (6, 7 and 8)


How do I know if my hosting using apache or NGINx? may be a dump question. But I don’t know the answer :frowning:


Should I force HTTPS using CloudFlare or this method? :thinking:


htaccess is always better


I have added this to the top of the .htaccess and it does not work :thinking: