WP Super Secure and Fast htaccess is a wordpress plugin that allow you to automatically insert in your .htaccess file directives that:

  • Protect .htaccess From Outside Access
  • Protect wp-config.php From Unwanted Access
  • Disable Directory Browsing
  • Protect From Spam Comments
  • Prevent Hotlinking
  • Using mod_gzip Compression
  • Using mod_deflate Compression
  • Disable ETags
  • Set Expiration Times For Caching

This plugin was inspired by a link of Francesco Gavello to this impressive post of Antti Kokkonen.

Download it

  1. Hi,

    is this plugin compatible with WP Super Cache ?



  2. I installed this plugin and not can’t even get to my admin panel, get error 500! How do I back it out?

  3. Hi Andrea! Thanks for the link and credit, much appreciated – and I guess I should thank Francesco again 🙂

    Word of warning with preventing hotlinking to the users, I personally don’t use that, as it also prevents from images to show in RSS feeds unless one modifies it a bit. Thus, it should only be added to .htaccess only if you actually have trouble with aggressive hotlinkers (and you are running on limited bandwidth).

    Oh and since you’ve turned it into a plugin, a nice feature would be to check if either mod_gzip or mod_deflate is actually enabled on the host, since that requires that little trick I explain on my post to check manually. Sadly, some (shared) hosts don’t run either of them.

  4. Hi Anti! You inspired me…you’re great!

    I’m going to write your suggestion in the next release of the plugin.
    In the plugin I’m checking if the two modules are active to avoid internal server error.

    Thanks a lot for tips and new features 😉 and new idea are welcome.

  5. Hi Andrea,

    I’m looking for an option which prevents unregistered users from accessing an uploaded file. Any chance this will be an feature in upcoming releases?

    Best regards

    • Hi Jaroen and thanks for this suggestion but it is a little bit difficult with .htaccess. In this case it is necessary to integrate your users in htaccess and restrict the access to the folder uploads to th mapped users.

      Great idea but a little bit difficult…I’m gonna study;)

  6. The plug in sounds great, Id love to use it, but it turned my dashboard almost completely white and the site as well. I do have an htaccess file for permalinks, so my hosting company can handle it. Any suggestions?

  7. Excellent plugin. Impressive interface, excellent options using it on multiple sites including some energy sites and having great success with it. Awesome job!

  8. Why is the following placed into the .htaccess file by this plugin?

    RewriteRule .(jpg|jpeg|png|gif)$ http://www.andreapernici.com/nohotlinking.jpg [NC,R,L]

    This randomly places your face (picture) over one or more pictures on the website and it also immediately links to you website.

    It is really annoying to see somebody’s distorted pictures everywhere where there is supposed to be a picture, and to wait an extra 30 seconds for a page to load because it is first redirected to your site!

    • Hi Deon.
      That rule is used to prevent hotlinking and you can replace with any image you want.
      If you don’t want to use the hotlinking prevention you can disable it in the plugin admin.
      If you don’t know what is hotlinking try searching on google 😉

  9. Hey Why you add your link this is not ture.

    MY Site Show 20-30 mines your Face .



  10. Adding your follow me on twitter thing on other people’s website’s through your plugin really proves the plugin serve against its purpose!

  11. You fucker! I disabled your hotlinking and the image still appears. I disabled your plug-in and it is still there.

    I am reporting you plug-in immediately.

    • Hi Maria you are probably making something wrong.
      Try deleting the hotlinking line in your .htaccess file or disabling the function in the plugin admin page.

      Don’t fuck me if you don’t know what you are doing.


  12. Yo! I really like this plug in. I used it on my website. Thanks a bunch for this plugin! I now have gzip working!

  13. Vorrei impedire gli utenti ai quali vengono assegnati altrettanti ambienti di WP, di uscire dal proprio WP folder impiegando la sintassi ../../ ecc.
    In pratica il server è ‘apparecchiato’ in cartelle del tipo:
    cartella_01 (contiene WP utente 01)
    cartella_02 (contiene WP utente 02)
    Quindi vorrei impedire all’utente di cartella_02 (ad esempio) di ‘pescare’ files che stanno nella cartella_01.
    se da wp-content di cartella_02 mi scrive:
    va a prendere contenuti di cartella_01.
    Ciò andrebbe assolutamente impedito!
    Con questo plugin posso scrivere un file .htaccess con le istruzioni che fanno al caso mio e poi .htaccess in ciascuna cartelle dei diversi utenti ?

    Grazie per la cortese attenzione.

    • Ciao Stefano,
      questo plugin non si occupa di quello di cui hai bisogno ma sicuramente puoi ottenere il risultato che vuoi attribuendo utenti e permessi alle varie cartelle lato sistema.

  14. Hello Andrea
    I am building this website : http://www.monparispascher.com.
    In attempt tospeed-up the loading of my site I have given a try to your plugin WP Secure qnd Fqst HT Access. After checking all the options and saving, I happen to have an internal error 500 and I can’t access my site nor my admin page !!!
    I have tried removing my htaccess file, I can access to my site again but it’s all messed out since my htaccess file is blank now.
    So, in a nutshell, ever since I activated my plugin I have either a messed-up site (with a blank htaccess) or an internal 500 error and no site at all…
    PLEASE… Help me so I can find back my website !!!
    Is there a way to restore my previous version of the.htaccess file, right before your plugin destroyed it or to remove the lines that were added with the plugin ???

    Thank you very much in advance for your MUCH NEEDED help… 🙂

    • Hello Maël,

      simply restore the default wordpress htaccess.

      # BEGIN WordPress

      RewriteEngine On
      RewriteBase /
      RewriteRule ^index\.php$ – [L]
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteCond %{REQUEST_FILENAME} !-d
      RewriteRule . /index.php [L]

      # END WordPress

  15. Hello Andrea,
    Your plugin is messing up my website. It is redirecting all my images to your websites through the link http://www.andreapernici.com/nohotlinking.jpg. As a result my site is awfully slow to load.
    You can obviously imagine I am pissed at your plugin and, from what I have read on the web, I don’t seem to be the only one in that case.

    So, I would like to get rid, once and for all of this image redirection technique of yours.
    I have tried deactivating your plugin, removing your redirection line from my htaccess, removing it from your php plugin file and I just CAN’T GET RID OF THESE REDIRECTIONS !!!

    Please tell me how this can be done.

    Thank you

    • Hi Mppc, as I said before it’s not possible for me to know all hosting configuration but if you simply remove htaccess line added by the plugin you can restore back cause the plugin only write in the .htaccess.

  16. is this plugin workd for wo 3.1.x

  17. Hi there,
    is this multisite wordpress compatible?

  18. Hi Andrea,

    I just installed your plugin because someone hotlinked my header image to have traffic diverted through my server!

    I went to the options page and selected disable directory browsing, protect from spam contents, and prevent hotlinking. I checked today and the image is still being used. Was something done incorrectly? What can I do to resolve this situation?

    Thanks Andrea!!

  19. Hi,

    I just want to know how safe is your plugin against the latest wordpress since it isn’t tested against it.

  20. Hey Andre,
    How can it’s changes the rewrite rules of W3C Cache Plugin ?

  21. I tried on multisite and it seems to work! Thank you 🙂

Leave a Reply

Il tuo indirizzo email non sarà pubblicato. I campi obbligatori sono contrassegnati *