Databases, Systems & Networks

Secure .htaccess File

<Files .htaccess>
 order allow,deny
 deny from all
</Files>

This first set of lines essentially prevents others from viewing your htaccess file (and learning all about your crazy redirects).

EE 404 Page for Missing Pages

ExpressionEngine handles the 404 page if you set it up correctly, but it is also safer to let the server know where that file is in case things go awry outside of the control of ExpressionEngine.  The above path will differ based off of your url structure.

Simple 404 for Missing Files

Unlike the EE 404 page, which loads a whole 404 page that you created, a missing image will simply return a message instead of an entire file.  It will save bandwidth.

Remove the www

Three w’s are so 2009.  Get rid of them.  If you don’t either add them or remove them, clients may log in to the www version of the site, and try to access super-admin views with the non-www version of the site, and then things just get messy, confusing, and they call you to fix it.  Save yourself a phone call and put this code in there.

Remove the trailing slash

You can either add or remove this trailing slash automatically, in order to make your URLs consistent and to help your search engine placement.  ExpressionEngine 2 by default uses no trailing slashes, so I remove those others that get in there somehow.

Remove index.php (exclude method)

There are a number of ways to do this, but generally it falls down to personal preference.  I find the most stable and easiest to implement method to be the exclude method, where I simply name the files and folders in the site’s root, and make sure to escape the period characters with a backslash.  The caveat to this is that if you add another folder to the site’s root, it needs to be added here too.  Also, in the above example, I use admin.php instead of a system folder because I usually put the system folder above the web root.

Cache Images and Fonts for 1 Year

This causes the browser to cache the images and font files for 1 year by default, but a simple emptying of the cache, or hotkey combination while refreshing will load them anew (nice for development testing and general troubleshooting).  One thing to keep in mind with this parameter is not to replace images with the same name if you can help it, as your user may have to wait a year to see the new image.  You can always reduce this timeframe to something else, like a week (max-age=604800).

Is there More?

This is my basic .htaccess file that seems to cause the least issues with various server configurations.  There are other resources out there, such as Devot-ee’s article on their standard htaccess file (very similar with a few more whistles), and Leevi Graham’s NSM .htaccess Generator (commercial addon).

The Whole Shebang

For the love, please replace « yoursite » below with whatever your url is, and remember to double-check those excludes files and folders to remove the index.php.