Aumenta espectacularmente el rendimiento de tu sitio Joomla!
Las siguientes pautas de optimización están dirigidas a aumentar la seguridad y el rendimiento de tu sitio Joomla. Están probadas y funcionan perfectamente en esta página aumentando espectacularmente la velocidad de carga del sitio.
Sin embargo, al aplicar las reglas en el archivo .htaccess no significa que el sitio no pueda caer. Hay que ir a través de todas las secciones y modificarlas para que coincidan con tu sitio. En particular, todas las instancias de domain.com y dominio\.com deben ser reemplazadas con el nombre del dominio real.
Algunas secciones son demasiado exigentes y puede causar problemas con peticiones legítimas.
Tú eres el último responsable de desactivarlas (comentándolas con una o varias almohadillas #) o escribir las reglas de excepción para tus peticiones. En particular, la sección de protección de servidores avanzados causará problemas con varios minifiers eXtplorer, Virtuemart y otras extensiones que utilizan secuencias de comandos no estándar como sus puntos de entrada. Deberás agregar excepciones para ellos de forma manual.
Algunas secciones - dependiendo de la configuración del servidor - pueden hacer que tu sitio produzca un 500 Internal Server Error. La única manera de averiguar cuál la está causando es el método de ensayo y error.
Este es mi archivo .htaccess completo y optimizado para un servidor compartido de OVH Hispano:
## # @package Joomla # @copyright Copyright (C) 2005 - 2012 Open Source Matters. All rights reserved. # @license GNU General Public License version 2 or later; see LICENSE.txt ## ## # READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE! # # The line just below this section: 'Options +FollowSymLinks' may cause problems # with some server configurations. It is required for use of mod_rewrite, but may already # be set by your server administrator in a way that dissallows changing it in # your .htaccess file. If using it causes your server to error out, comment it out (add # to # beginning of line), reload your site in your browser and test your sef url's. If they work, # it has been set by your server administrator and you do not need it set here. ## ## Definimos qué versión de Php utilizaremos, desactivamos registros globales, magic quotes y activamos Zend optimizer SetEnv PHP_VER 5_3 SetEnv REGISTER_GLOBALS 0 SetEnv ZEND_OPTIMIZER 1 SetEnv MAGIC_QUOTES 0 ## Mod_rewrite in use. RewriteEngine On ## Can be commented out if causes errors, see notes above. Options +FollowSymLinks All -Indexes ## Usr en la Url las tres w: www. RewriteCond %{HTTP_HOST} ^xn--apaados-6za.es [NC] RewriteRule ^(.*)$ http://www.xn--apaados-6za.es/$1 [L,R=301] ########## Y al contrario: Begin - Redirect www to non-www ## WARNING: Comment out the non-www to www rule if you choose to use this #RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] #RewriteRule ^(.*)$ http://%1/$1 [R,L] ########## End - Redirect non-www to www ########## De antiguo a nuevo dominio: Begin - Redirect olddomain.com to www.domain.com ## Note: olddomain.com is your old domain name, you want to redirect FROM, ## whereas www.domain.com is the new domain name you want to redirect TO. ## Change those names to reflect your current configuration. Remember, this ## file is supposed to be placed in www.domain.com! #RewriteCond %{HTTP_HOST} ^olddomain.com [NC] #RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R] ########## End - Redirect olddomain.com to www.domain.com ## Redirección error 404 a página personalizada ErrorDocument 404 http://www.xn--apaados-6za.es/index.php?option=com_content&view=article&id=73 ## Begin - Rewrite rules to block out some common exploits. # If you experience problems on your site block out the operations listed below # This attempts to block the most common type of exploit `attempts` to Joomla! # # Block out any script trying to base64_encode data within the URL. RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR] # Block out any script that includes a <script> tag in URL. RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR] # Block out any script trying to set a PHP GLOBALS variable via URL. RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] # Block out any script trying to modify a _REQUEST variable via URL. RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) # Return 403 Forbidden header and show the content of the root homepage RewriteRule .* index.php [F] # ## End - Rewrite rules to block out some common exploits. ## Begin - Custom redirects # # If you need to redirect some pages, or set a canonical non-www to # www redirect (or vice versa), place that code here. Ensure those # redirects use the correct RewriteRule syntax and the [R=301,L] flags. # ## End - Custom redirects ## # Uncomment following line if your webserver's URL # is not directly related to physical file paths. # Update Your Joomla! Directory (just / for root). ## # RewriteBase / ## Begin - Joomla! core SEF Section. # RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] # # If the requested path and file is not /index.php and the request # has not already been internally rewritten to the index.php script RewriteCond %{REQUEST_URI} !^/index\.php # and the request is for something within the component folder, # or for the site root, or for an extensionless URL, or the # requested URL ends with one of the listed extensions RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC] # and the requested path and file doesn't directly match a physical file RewriteCond %{REQUEST_FILENAME} !-f # and the requested path and file doesn't directly match a physical folder RewriteCond %{REQUEST_FILENAME} !-d # internally rewrite the request to the index.php script RewriteRule .* index.php [L] # ## End - Joomla! core SEF Section. # activate mod_deflate SetOutputFilter DEFLATE AddEncoding x-compress .Z AddEncoding x-gzip .gz .tgz AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddOutputFilterByType DEFLATE text/php text/html text/txt text/xml text/css style/css AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript # Add caching headers for all files <IfModule mod_expires.c> ExpiresActive On ExpiresByType text/html "access plus 1 seconds" <FilesMatch \.css$> ExpiresDefault "access plus 2 years" </FilesMatch> ExpiresByType text/css "access plus 2 years" # Expire specific files <FilesMatch "^(file.js.x)$"> ExpiresActive on ExpiresDefault "access plus 2 years" </FilesMatch> <FilesMatch \.js$> ExpiresDefault "access plus 2 years" </FilesMatch> ExpiresByType text/javascript "access plus 2 years" ExpiresByType application/javascript "access plus 2 years" ExpiresByType application/x-javascript "access plus 2 years" ExpiresByType text/x-js "access plus 2 years" ExpiresByType text/ecmascript "access plus 2 years" ExpiresByType application/ecmascript "access plus 2 years" ExpiresByType text/vbscript "access plus 2 years" ExpiresByType text/fluffscript "access plus 2 years" <FilesMatch \.(bmp|png|gif|jpe?g|ico)$> ExpiresDefault "access plus 2 years" Header set Expires "Wed, 15 Apr 2020 20:00:00 GMT" </FilesMatch> ExpiresByType image/gif "access plus 2 years" ExpiresByType image/png "access plus 2 years" ExpiresByType image/jpeg "access plus 2 years" ExpiresByType image/jpg "access plus 2 years" ExpiresByType image/x-icon "access plus 2 years" ExpiresByType image/ico "access plus 2 years" ExpiresByType image/bmp "access plus 2 years" <FilesMatch \.(eot|ttf|otf|svg)$> ExpiresDefault "access plus 30 days" </FilesMatch> ExpiresByType application/x-font-opentype "access plus 7 days" ExpiresByType application/x-font-truetype "access plus 7 days" ExpiresByType application/x-font-ttf "access plus 7 days" ExpiresByType application/x-font "access plus 7 days" ExpiresByType font/opentype "access plus 7 days" ExpiresByType font/otf "access plus 7 days" ExpiresByType application/vnd.oasis.opendocument.formula-template "access plus 7 days" ExpiresByType image/svg+xml "access plus 7 days" ExpiresByType application/vnd.ms-fontobject "access plus 7 days" ExpiresByType font/woff "access plus 7 days" <FilesMatch \.(flv|wmv|asf|asx|wma|wax|wmx|wm)$> ExpiresDefault "access plus 7 days" </FilesMatch> ExpiresByType video/x-flv "access plus 7 days" ExpiresByType video/x-ms-wmv "access plus 7 days" ExpiresByType video/x-ms-asf "access plus 7 days" ExpiresByType video/x-ms-asx "access plus 7 days" ExpiresByType video/x-ms-wma "access plus 7 days" ExpiresByType video/x-ms-wax "access plus 7 days" ExpiresByType video/x-ms-wmx "access plus 7 days" ExpiresByType video/x-ms-wm "access plus 7 days" <FilesMatch \.(swf|pdf|doc|rtf|xls|ppt)$> ExpiresDefault "access plus 2 years" </FilesMatch> ExpiresByType application/x-shockwave-flash "access plus 2 years" ExpiresByType application/pdf "access plus 2 years" ExpiresByType application/msword "access plus 2 years" ExpiresByType application/rtf "access plus 2 years" ExpiresByType application/vnd.ms-excel "access plus 2 years" ExpiresByType application/vnd.ms-powerpoint "access plus 2 years" </IfModule> <IfModule mod_headers.c> Header unset ETag Header unset Last-Modified </IfModule> ########## Begin - ETag Optimization ## This rule will create an ETag for files based only on the modification ## timestamp and their size. This works wonders if you are using rsync'ed ## servers, where the inode number of identical files differs. ## Note: It may cause problems on your server and you may need to remove it FileETag MTime Size ########## End - ETag Optimization
Los siguientes elementos son opcionales y no los he probado en el sitio, hacerlo con mucho cuidado aplicando y sección por sección para localizar los posibles errores del servidor:
########## Begin - Common hacking tools and bandwidth hoggers block ## By SigSiu.net and @nikosdion. ## WARNING: This will also block old versions of JoomlaPack Remote ## and will disallow running CRON jobs using wget. # The following rules are for common hacking tools: SetEnvIf user-agent "Indy Library" stayout=1 SetEnvIf user-agent "libwww-perl" stayout=1 SetEnvIf user-agent "Wget" stayout=1 # The following rules are for bandwidth-hogging download tools SetEnvIf user-agent "Download Demon" stayout=1 SetEnvIf user-agent "GetRight" stayout=1 SetEnvIf user-agent "GetWeb!" stayout=1 SetEnvIf user-agent "Go!Zilla" stayout=1 SetEnvIf user-agent "Go-Ahead-Got-It" stayout=1 SetEnvIf user-agent "GrabNet" stayout=1 SetEnvIf user-agent "TurnitinBot" stayout=1 # This line denies access to all of the above tools deny from env=stayout ########## End - Common hacking tools and bandwidth higgers block ########## Begin - Redirect index.php to / ## Note: Change domain.com to reflect your own domain RewriteCond %{THE_REQUEST} ^.*/index\.php$ RewriteRule ^index\.php$ http://www.domain.com/ [R,L] ########## End - Redirect index.php to / ########## Begin - File injection protection, by SigSiu.net RewriteCond %{REQUEST_METHOD} GET RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]\=http:\/\/(.*) RewriteRule ^(.*)$ - [F,L] ########## End - File injection protection ########## Begin - Advanced server protection rules exceptions #### ## ## These are sample exceptions to the Advanced Server Protection 2.0 ## rule set further down this file. ## ## Allow UddeIM CAPTCHA RewriteRule ^(components/com_uddeim/captcha15\.php)$ $1 [L] ## Allow Phil Taylor's Turbo Gears RewriteRule ^(plugins/system/GoogleGears/gears-manifest\.php) $1 [L] ## Allow JoomlaWorks AllVideos RewriteRule ^(plugins/content/jw_allvideos/includes/jw_allvideos_scripts\.php) $1 [L] # Add more rules to single PHP files here ## Allow Agora attachments, but not PHP files in that directory! RewriteCond %{REQUEST_FILENAME} -f RewriteCond %{REQUEST_FILENAME} !(\.php)$ RewriteRule ^(components/com_agora/img/members/.*) $1 [L] # Add more rules for allowing full access (except PHP files) on more directories here ## Uncomment to allow full access to the cache directory (strongly not recommended!) #RewriteRule ^(cache/.*)$ $1 [L] ## Uncomment to allow full access to the tmp directory (strongly not recommended!) #RewriteRule ^(tmp/.*)$ $1 [L] # Add more full access rules here ########## End - Advanced server protection rules exceptions #### ########## Begin - Advanced server protection # Advanced server protection, version 2.0 - August 2010 # by Nicholas K. Dionysopoulos ## Referrer filtering for common media files. Replace with your own domain. ## This blocks most common fingerprinting attacks ;) ## Note: Change www\.domain\.com with your own domain name, substituting the dots with ## \., i.e.: www\.example\.com for www.example.com RewriteRule ^(images/stories/*\.(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|ico|htm[l]?))$ $1 [L] RewriteCond %{REQUEST_FILENAME} -f RewriteCond %{HTTP_REFERER} !^http://www\.domain\.com [NC] RewriteRule \.(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|ico|htm[l]?)$ - [F,L] ## Disallow visual fingerprinting of Joomla! sites (module position dump) ## Initial idea by Brian Teeman and Ken Crowder, see: ## http://www.slideshare.net/brianteeman/hidden-joomla-secrets ## Improved by @nikosdion to work more efficientyl and handle template ## and tmpl query parameters RewriteCond %{QUERY_STRING} (^|&)tmpl=component [NC] RewriteRule ^(.*)$ $1 [L] RewriteCond %{QUERY_STRING} (^|&)tp= [NC,OR] RewriteCond %{QUERY_STRING} (^|&)template= [NC,OR] RewriteCond %{QUERY_STRING} (^|&)tmpl= [NC] RewriteRule ^(.*)$ - [F,L] ## Disallow PHP Easter Eggs (can be used in fingerprinting attacks to determine ## your PHP version). See http://www.0php.com/php_easter_egg.php and ## http://osvdb.org/12184 for more information RewriteCond %{QUERY_STRING} =PHP[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12} [NC] RewriteRule ^(.*)$ - [F,L] ## Back-end protection ## This also blocks fingerprinting attacks browsing for XML and INI files RewriteRule ^(administrator[/]?)$ administrator/index.php [L] RewriteRule ^(administrator/index.htm[l]?)$ $1 [L] RewriteRule ^(administrator/index.php)$ $1 [L] RewriteRule ^(administrator/index[2,3].php)$ $1 [L] RewriteRule ^(administrator/(components|modules|templates|images|plugins)/.*\.(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|htm[l]?))$ $1 [L] RewriteRule ^administrator/(.*)$ - [F,L] ## Explicitly allow access only to XML-RPC's xmlrpc/index.php or plain xmlrpc/ directory RewriteRule ^(xmlrpc/index\.php)$ $1 [L] RewriteRule ^xmlrpc/(.*)$ - [F,L] ## Disallow front-end access for certain Joomla! system directories RewriteRule ^(includes/js/.*)$ $1 [L] RewriteRule ^(cache|includes|language|libraries|logs|tmp)/.*$ - [F,L] ## Allow limited access for certain Joomla! system directories with client-accessible content RewriteRule ^((components|modules|plugins|templates)/.*\.(jp[g,2,eg]?|png|gif|bmp|css|js|swf|ico|htm[l]?))$ $1 [L] RewriteRule ^((components|modules|plugins|templates)/.*index\.php(.*))$ $1 [L] RewriteRule ^(templates/.*\.php)$ $1 [L] RewriteRule ^(components|modules|plugins|templates)/.*$ - [F,L] ## Disallow access to htaccess.txt and configuration.php-dist RewriteRule ^(htaccess\.txt|configuration\.php-dist)$ - [F,L] ## SQLi first line of defense, thanks to Radek Suski (SigSiu.net) @ ## http://www.sigsiu.net/presentations/fortifying_your_joomla_website.html ## May cause problems on legitimate requests RewriteCond %{QUERY_STRING} concat.*\( [NC,OR] RewriteCond %{QUERY_STRING} union.*select.*\( [NC,OR] RewriteCond %{QUERY_STRING} union.*all.*select.* [NC] RewriteRule ^(.*)$ - [F,L] ########## End - Advanced server protection ########## Begin - Basic antispam Filter, by SigSiu.net ## I removed some common words, tweak to your liking RewriteCond %{query_string} \bviagra\b [NC,OR] RewriteCond %{query_string} \bambien\b [NC,OR] RewriteCond %{query_string} \bblue\spill\b [NC,OR] RewriteCond %{query_string} \bcialis\b [NC,OR] RewriteCond %{query_string} \bcocaine\b [NC,OR] RewriteCond %{query_string} \bejaculation\b [NC,OR] RewriteCond %{query_string} \berectile\b [NC,OR] RewriteCond %{query_string} \berections\b [NC,OR] RewriteCond %{query_string} \bhoodia\b [NC,OR] RewriteCond %{query_string} \bhuronriveracres\b [NC,OR] RewriteCond %{query_string} \bimpotence\b [NC,OR] RewriteCond %{query_string} \blevitra\b [NC,OR] RewriteCond %{query_string} \blibido\b [NC,OR] RewriteCond %{query_string} \blipitor\b [NC,OR] RewriteCond %{query_string} \bphentermin\b [NC,OR] RewriteCond %{query_string} \bprosac\b [NC,OR] RewriteCond %{query_string} \bsandyauer\b [NC,OR] RewriteCond %{query_string} \btramadol\b [NC,OR] RewriteCond %{query_string} \btroyhamby\b [NC,OR] RewriteCond %{query_string} \bultram\b [NC,OR] RewriteCond %{query_string} \bunicauca\b [NC,OR] RewriteCond %{query_string} \bvalium\b [NC,OR] RewriteCond %{query_string} \bviagra\b [NC,OR] RewriteCond %{query_string} \bvicodin\b [NC,OR] RewriteCond %{query_string} \bxanax\b [NC,OR] RewriteCond %{query_string} \bypxaieo\b [NC] RewriteRule ^(.*)$ - [F,L] ########## End - Basic antispam Filter, by SigSiu.net
Aparte de estas reglas del archivo .htaccess tengo activados los plugins sistema Cache, sistema SEF e instalado el plugin JCH_Optimize Plugin con las opciones que muestran estas pantallas:
La configuración global la tengo como muestran estas otras pantallas:
Aparte de todo esto como veis la página no tiene ni widgets de redes sociales y otros adornos superfluos que aumentan considerablemente el tiempo de carga de la página.