BFCM discount limited time 25% off on our life-time plans using code: LMT25
Try our free employee tracking app! Sign up now – click here
  • 00Days
  • 00Hours
  • 00Minutes
  • 00Seconds
Login
Get Started Free
.htaccess Compatibility Module - Seamless Apache to OpenLiteSpeed Migration | CyberPanel
🛡️ NEW: WordPress Brute Force Protection!

Your .htaccess Files
Finally Work with OpenLiteSpeed

Stop rewriting Apache rules. Stop breaking sites during migration.
PHP config, headers, redirects, access control + WordPress brute force protection - everything works instantly.

Get Started - $59/year See Brute Force Protection
😫 Without This Module
  • Hours spent rewriting Apache rules
  • PHP settings don't work in .htaccess
  • Broken sites after migration
  • No built-in brute force protection
  • Security headers don't work
  • Redirects break completely
🎉 With This Module
  • One-command installation
  • PHP settings work perfectly
  • Works instantly on upload
  • Built-in WordPress brute force protection
  • All security headers work
  • Redirects work with regex
5 min
Average Setup Time
100%
Apache Compatible
98%+
.htaccess Coverage
<0.5ms
Performance Overhead
24/7
Support Available
🛡️ NEW in v2.2.0

WordPress Brute Force Protection

Protect your WordPress sites from credential stuffing and brute force attacks with progressive throttling - slow down attackers while letting legitimate users through.

Enable with One Line

BruteForceProtection On

Progressive Throttle System

Attackers get progressively slower responses - making brute force attacks impractical

🟢
Soft Throttle
2s
1-2 attempts over limit
🟡
Medium Throttle
5s
3-5 attempts over limit
🔴
Hard Throttle
15s
6+ attempts over limit
Protects wp-login.php
Protects xmlrpc.php
Custom paths support
IP whitelist (CIDR)
X-Forwarded-For support
Retry-After header 
# Production-Ready Configuration
BruteForceProtection On
BruteForceAllowedAttempts 5
BruteForceWindow 300
BruteForceAction throttle

# Behind Cloudflare/Proxy
BruteForceXForwardedFor On

# Whitelist trusted IPs
BruteForceWhitelist 10.0.0.0/8, 192.168.1.0/24

# Protect custom admin areas
BruteForceProtectPath /admin/
BruteForceProtectPath /api/login
How It Works

Your Existing .htaccess Just Works

No changes needed. Upload and it works.

Before Module ❌ Doesn't Work 
# Your Apache .htaccess file
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
RequestHeader set X-Forwarded-Proto "https"

# PHP Configuration
php_value memory_limit 768M
php_value upload_max_filesize 150M
php_flag display_errors On

# Brute Force Protection
BruteForceProtection On

SetEnv APPLICATION_ENV production
SetEnvIf User-Agent ".*Mobile.*" mobile_device

ErrorDocument 404 /404.html

Order deny,allow
Deny from all
Allow from 192.168.1.0/24

Redirect 301 /old /new
RedirectMatch 301 ^/blog/(.*)$ /news/$1

ExpiresActive On
ExpiresByType image/jpeg A31557600

<FilesMatch "\.(css|js)$">
    Header set Cache-Control "max-age=2592000"
</FilesMatch>

# Result: None of this works in OpenLiteSpeed!
After Module ✅ Works Perfectly 
# Same exact .htaccess file
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
RequestHeader set X-Forwarded-Proto "https"

# PHP Configuration - NOW WORKS!
php_value memory_limit 768M
php_value upload_max_filesize 150M
php_flag display_errors On

# Brute Force Protection - NOW WORKS!
BruteForceProtection On

SetEnv APPLICATION_ENV production
SetEnvIf User-Agent ".*Mobile.*" mobile_device

ErrorDocument 404 /404.html

Order deny,allow
Deny from all
Allow from 192.168.1.0/24

Redirect 301 /old /new
RedirectMatch 301 ^/blog/(.*)$ /news/$1

ExpiresActive On
ExpiresByType image/jpeg A31557600

<FilesMatch "\.(css|js)$">
    Header set Cache-Control "max-age=2592000"
</FilesMatch>

# Result: Everything works instantly!
⚡ Breakthrough Achievement

PHP Configuration Now Works in .htaccess

We achieved what was previously considered impossible in OpenLiteSpeed - full php_value and php_flag support. Configure PHP settings per directory without editing php.ini or restarting PHP.

768M
Memory Limit
150M
Upload Size
600s
Max Execution
28+
PHP Directives
# Just add to your .htaccess - works instantly!
php_value memory_limit 768M
php_value upload_max_filesize 150M
php_value post_max_size 150M
php_value max_execution_time 600
php_flag display_errors On
php_value date.timezone "America/New_York"
php_admin_flag allow_url_fopen Off
No php.ini editing
No PHP restart needed
Per-directory control
Features

Everything You Need for Smooth Migration

Complete Apache compatibility + WordPress security

NEW in v2.2.0
🛡️

Brute Force Protection

Built-in WordPress protection with progressive throttling. Slow down attackers with 2s/5s/15s delays while letting legitimate users through.

Instant Activation

No configuration needed. Install once and all your .htaccess files start working immediately across all sites.

🐘

PHP Configuration

Breakthrough feature! Full php_value and php_flag support. Configure PHP settings per directory - previously impossible in OpenLiteSpeed.

🔒

Security Headers

All your security headers work perfectly. X-Frame-Options, CSP, HSTS - everything functions as expected.

🚫

Access Control

IP whitelisting, blacklisting, and network restrictions work exactly like Apache. Protect your admin areas effortlessly.

📄

Custom Error Pages

Your custom 404, 500, and other error pages display properly. No more broken error handling.

🔄

Auto-Updates

Detects changes to .htaccess files automatically. No need to restart or reload - changes apply instantly.

🚀

Zero Performance Impact

Optimized caching ensures less than 0.5ms overhead. Get compatibility without sacrificing speed.

↗️

Redirect Support

Full support for Redirect and RedirectMatch directives with regex patterns and capture groups for URL rewrites.

📝

FilesMatch Support

Apply headers based on file patterns with regex matching. Perfect for setting cache headers on specific file types.

⏱️

Expires Directives

Complete mod_expires compatibility with ExpiresActive and ExpiresByType. Automatic Cache-Control headers.

⚙️

Environment Variables

SetEnv, SetEnvIf, and BrowserMatch directives with conditional logic. Set $_SERVER variables based on request properties.

Supported Directives

Full Apache .htaccess Compatibility + Security

All the directives you need, including breakthrough PHP configuration and brute force protection

WordPress Brute Force Protection 🛡️ NEW in v2.2.0

Built-in protection against credential stuffing and brute force attacks with progressive throttling. Protects wp-login.php, xmlrpc.php, and custom paths. Supports IP whitelisting with CIDR notation and X-Forwarded-For for proxy/CDN setups. 

# Enable brute force protection
BruteForceProtection On
BruteForceAllowedAttempts 5
BruteForceWindow 300
BruteForceAction throttle

# Behind Cloudflare/proxy
BruteForceXForwardedFor On

# Whitelist trusted IPs (CIDR supported)
BruteForceWhitelist 10.0.0.0/8, 192.168.1.0/24, 203.0.113.100

# Protect custom admin areas
BruteForceProtectPath /admin/
BruteForceProtectPath /api/login

# Actions: block (403), log (allow but log), throttle (progressive delays)
# Throttle levels: soft (2s), medium (5s), hard (15s)

Header Directives ✅ Fully Supported

Complete support for all header manipulation directives including set, unset, append, merge, and add operations. Perfect for security headers, CORS, cache control, and custom headers. 

# Security Headers
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
Header set Strict-Transport-Security "max-age=31536000"

# CORS Headers
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"

# Cache Control
Header set Cache-Control "public, max-age=3600"

# Remove Headers
Header unset X-Powered-By

# Append to Existing
Header append Vary "Accept-Encoding"

PHP Configuration (php_value/php_flag) ✅ Breakthrough Feature!

Revolutionary feature previously considered impossible in OpenLiteSpeed! Configure PHP settings directly in .htaccess just like Apache. Set memory limits, upload sizes, error handling, timezones, and more on a per-directory basis without editing php.ini or restarting PHP. 

# Memory and Upload Limits
php_value memory_limit 768M
php_value upload_max_filesize 150M
php_value post_max_size 150M
php_value max_execution_time 600
php_value max_input_time 600

# Error Handling and Logging
php_flag display_errors On
php_flag log_errors On
php_admin_value error_log /var/log/php-errors.log

# Security Settings
php_admin_flag allow_url_fopen Off
php_admin_flag allow_url_include Off

# Date and Time
php_value date.timezone "America/New_York"
php_value default_charset "UTF-8"

# Session Configuration
php_value session.gc_maxlifetime 7200
php_flag session.use_strict_mode On

Access Control ✅ Fully Supported

Complete IP-based access control with Order, Allow, and Deny directives. Supports individual IPs and CIDR ranges for flexible network-level security. 

# Whitelist Approach - Block all except allowed
Order deny,allow
Deny from all
Allow from 192.168.1.0/24
Allow from 10.0.0.5

# Blacklist Approach - Allow all except denied
Order allow,deny
Allow from all
Deny from 203.0.113.0/24

# Complex Rules
Order deny,allow
Deny from all
Allow from 192.168.0.0/16    # Internal network
Allow from 10.0.0.0/8         # VPN
Allow from 172.16.0.0/12      # Private subnet

Redirect Directives ✅ Fully Supported

Full support for Redirect and RedirectMatch directives with regex patterns and capture groups. Perfect for URL migrations, enforcing trailing slashes, or redirecting old URLs to new locations. 

# Simple Redirects
Redirect 301 /old-page /new-page
Redirect permanent /old-url https://new-domain.com/page

# Regex Pattern Matching with RedirectMatch
RedirectMatch 301 ^/blog/(.*)$ /news/$1
RedirectMatch permanent ^/products/(.+)\.html$ /shop/$1

# Enforce trailing slashes
RedirectMatch 301 ^/(.+[^/])$ /$1/

# Category redirects with capture groups
RedirectMatch 301 ^/category/([^/]+)/page/([0-9]+)$ /cat/$1?p=$2

ErrorDocument, FilesMatch, Expires, SetEnv ✅ All Supported

Plus full support for ErrorDocument custom error pages, FilesMatch pattern-based headers, Expires (mod_expires) browser caching, SetEnv/SetEnvIf environment variables, RequestHeader for proxy configurations, and BrowserMatch for User-Agent detection. 

# Custom Error Pages
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html

# Cache Control for Static Files
<FilesMatch "\.(jpg|png|gif|css|js)$">
    Header set Cache-Control "max-age=31536000"
</FilesMatch>

# Expires Directives
ExpiresActive On
ExpiresByType image/jpeg A31557600
ExpiresByType text/css A2592000

# Environment Variables
SetEnv APPLICATION_ENV production
SetEnvIf User-Agent ".*Mobile.*" mobile_device
BrowserMatch "MSIE" old_browser

# Request Headers
RequestHeader set X-Forwarded-Proto "https"
Simple Pricing

One Module, Unlimited Sites

Now with WordPress Brute Force Protection included!

1 Year

$59
per year
Unlimited sites
All features included
Brute Force Protection
1 year of updates
Priority support
Most Popular

2 Years

$118
$106
$53/year
Save $12 (10% OFF)
Unlimited sites
All features included
Brute Force Protection
2 years of updates
Priority support

3 Years

$177
$142
$47/year
Save $35 (20% OFF)
Unlimited sites
All features included
Brute Force Protection
3 years of updates
Priority support
Success Stories

Trusted by Server Administrators

See what our users are saying

"

Migrated 50+ WordPress sites from Apache to OpenLiteSpeed in one afternoon. This module saved us weeks of work rewriting rules.

JD
John Davis
Web Hosting Provider
"

The brute force protection is a game-changer. We used to rely on WordPress plugins, but having it at the server level is much more secure and efficient.

SK
Sarah Kim
Security Engineer
"

Worth every penny. No more explaining to clients why their .htaccess doesn't work after migration. It just works.

MP
Mike Peterson
Freelance Developer
"

The PHP configuration support is amazing! I can now set memory limits and upload sizes per directory without touching php.ini. This feature alone is worth the price.

TL
Tom Lopez
Agency Owner
FAQ

Frequently Asked Questions

Everything you need to know

How does the Brute Force Protection work?
The brute force protection tracks login attempts per IP using shared memory. When an IP exceeds the allowed attempts within the time window, it triggers the configured action: block (403), log only, or throttle with progressive delays (2s → 5s → 15s). It protects wp-login.php and xmlrpc.php by default, with support for custom paths, IP whitelisting with CIDR notation, and X-Forwarded-For for proxy/CDN setups.
How easy is the installation?
Super easy! We provide a one-command installer that downloads a pre-built binary, configures OpenLiteSpeed, sets up your license, and restarts the server automatically. Just run one command and you're done. Installation details are provided in your welcome email.
Does PHP configuration (php_value/php_flag) really work?
Yes! This is our breakthrough feature. You can now use php_value and php_flag directives in .htaccess to configure PHP settings per directory - something previously considered impossible in OpenLiteSpeed. Set memory limits, upload sizes, error handling, timezones, and more without editing php.ini.
Which .htaccess directives are supported?
The module supports Header directives (set, unset, append, merge, add), RequestHeader directives (set/unset), PHP Configuration (php_value, php_flag, php_admin_value, php_admin_flag), Brute Force Protection (BruteForceProtection, BruteForceAllowedAttempts, etc.), ErrorDocument for custom error pages, Access Control directives (Order, Allow, Deny) with IP and CIDR range support, Redirect and RedirectMatch with regex patterns, FilesMatch for pattern-based headers, Expires directives (mod_expires compatibility), and environment variable directives (SetEnv, SetEnvIf, SetEnvIfNoCase, BrowserMatch). These cover 98%+ of typical .htaccess use cases.
Do I need to modify my existing .htaccess files?
No! That's the beauty of this module. Your existing Apache .htaccess files work as-is without any modifications. Just install the module and your files start working immediately.
Will this slow down my server?
No. The module uses efficient caching with hash tables and adds less than 0.5ms overhead per request. The brute force protection uses shared memory (~64 bytes per tracked IP) for high performance. You get Apache compatibility and security without sacrificing OpenLiteSpeed's performance advantages.
Can I use this on multiple servers?
Each license covers one server installation but supports unlimited sites on that server. For multiple servers, you'll need additional licenses.
What about updates and support?
Your license includes all updates for the duration of your plan (1, 2, or 3 years) plus priority support. We continuously improve the module and add support for more directives.
Resources

Documentation & Support

Everything you need to succeed

📚

Documentation

Comprehensive guides covering installation, configuration, brute force protection, and troubleshooting for all supported directives.

View Docs →
💬

Community Forum

Join thousands of CyberPanel users discussing best practices, sharing tips, and helping each other.

Join Community →
🔧

GitHub Repository

Access source code, view comprehensive test results, report issues, and see detailed documentation.

View on GitHub →

Stop Fighting with .htaccess Files

Join hundreds of administrators who've made migration painless.
Now with PHP configuration + WordPress brute force protection!

🚀 Get Instant Access - $59