Complete .htaccess File Tutorial: What It Is & How to Use It (2024)

What Is an .htaccess File?

An .htaccess file is a website file used to configure certain aspects of your site. Like redirects, customized error pages, and more. All without having to edit the main server configuration files.

It’s used on servers that run Apache, an open-source web server software. If your website runs on Nginx instead, you won’t have an .htaccess file.

Here’s an example of what an .htaccess file might look like for a WordPress website:

Complete .htaccess File Tutorial: What It Is & How to Use It (1)

Where Is the .htaccess File?

Your .htaccess file is usually located in the root directory of your website whether you’re using a content management system like WordPress or you created the site from scratch.

One way to access your site’s root directory is through your web host, typically through a file manager interface. Which is a directory within your web host where you can access and edit your site’s files—like your .htaccess file.

Your web host’s server files might look similar to the file folders you have on your computer:

Complete .htaccess File Tutorial: What It Is & How to Use It (2)

But the exact location of an .htaccess file depends on its purpose.

For example, say you have an .htaccess file in the “image” directory of your website. The directives within that .htaccess file would only affect files in that directory.

But if your .htaccess file is in the root directory of your website—the folder that contains your main website files—the file’s directives would apply to all the files (and pages) on your site.

Complete .htaccess File Tutorial: What It Is & How to Use It (3)

How to Edit Your .htaccess File

If you’re using WordPress, an .htaccess file should already have been generated when you installed WordPress (we’ll go over what to do if this isn’t the case in the next section.)

And there are three main ways to edit it:

1. File Manager

Many web hosts offer the ability to access key website files through a file manager.

To do this, log in to your host, head to your file manager, and locate your .htaccess file.

Your .htaccess file is likely located in your root folder. The root folder is titled “public_html” in our example below:

Complete .htaccess File Tutorial: What It Is & How to Use It (4)

Double click “.htaccess” to open the plain text editor.

Then, make any changes—like adding or removing directives—and hit the save button.

Complete .htaccess File Tutorial: What It Is & How to Use It (5)

2. FTP Client

A file transfer protocol (FTP) client is an application that lets you transfer files between your computer and your website. Cyberduck is an example of an FTP client.

You need to set up an FTP client if you don’t have one. Which may entail reaching out to your host for the details you need to connect to it.

Once you’re set up with an FTP client, you can log in to your site via FTP. We’ll use Cyberduck for our example.

Click “Open Connection” and enter your login details. Your web host usually provides these.

Complete .htaccess File Tutorial: What It Is & How to Use It (6)

Next, enable hidden files. Any files that begin with a dot (like the .htaccess file) are hidden by default. Meaning you can’t view—or edit—them.

To show hidden files in Cyberduck, go to “Edit” > “Preferences” > “Browser” and check the box next to “Show hidden files.”

Complete .htaccess File Tutorial: What It Is & How to Use It (7)

Exit out of the preferences. Then, locate your .htaccess file. Again, it’s likely in your root folder.

Select the file and click “Edit.”

Complete .htaccess File Tutorial: What It Is & How to Use It (8)

This opens your .htaccess file on your computer as a plain text file.

Make any edits directly in the file and hit save. Your saved changes are automatically added to your .htaccess file.

3. WordPress Plugin

Plugins like Yoast make it easy to edit your .htaccess file from your site’s backend.

Log in to WordPress to download and activate the Yoast plugin.

Then click “YoastSEO” and select “Tools.”

Complete .htaccess File Tutorial: What It Is & How to Use It (9)

Click “File editor.”

Complete .htaccess File Tutorial: What It Is & How to Use It (10)

Scroll to the .htaccess file area and make your edits directly in the text box. And save them by clicking “Save changes to .htaccess.”

Complete .htaccess File Tutorial: What It Is & How to Use It (11)

How to Create an .htaccess File

If you don’t already have an .htaccess file, follow the instructions below to create one yourself.

File Manager

To create an .htaccess file in your host’s file manager, select the folder you’d like your .htaccess file to be in. And keep in mind that the .htaccess file can affect the directory you put it in and its subdirectories.

Complete .htaccess File Tutorial: What It Is & How to Use It (12)

Then click the new file button.

Complete .htaccess File Tutorial: What It Is & How to Use It (13)

Next name your file “.htaccess” (with the dot). Click “Confirm.”

Complete .htaccess File Tutorial: What It Is & How to Use It (14)

You now have an .htaccess file ready to edit.

Complete .htaccess File Tutorial: What It Is & How to Use It (15)

FTP Client

To create an .htaccess file using your FTP client, save a plain text file on your computer as “.htaccess” (with the dot). You can create a plain text file using apps like the Notepad.

Then, within your chosen FTP client (we’re using Cyberduck), select the directory you want to place the .htaccess file in (like “public_html”). And click “Upload” and select the .htaccess file saved to your computer.

Complete .htaccess File Tutorial: What It Is & How to Use It (16)

Your .htaccess file is now ready to use.

4 Common .htaccess Directives

These four .htaccess directives can help you improve and customize your site.

1. Add Redirects Using .htaccess

You can redirect URLs using .htaccess in several ways depending on what you want to redirect.

Before adding some types of redirects, you may need to load the RewriteEngine module by adding this directive to your .htaccess file:

<IfModulemod_rewrite.c>
RewriteEngineOn
</IfModule>

Then, add your redirect directives under this module.

We’ll include the “RewriteEngine On” code where required in each example below for clarity. But depending on how your .htaccess file is set up, you may not need to include it each time.

Redirect Individual URLs

Redirect individual URLs with this directive:

Redirect301/old-page/https://www.yourdomain.com/new-page/

The “old-page” should mention the URL path—the portion that comes after your domain. This should begin with a slash.

And the second part should be the new page’s full URL.

Users will be automatically redirected to the new page whenever they try to access the URL from the old page.

Redirect WWW URLs to Non-WWW URLs

If your domain uses the www subdomain, you can use your .htaccess file to redirect it to the non-www version with this directive:

RewriteEngineOn
RewriteCond%{HTTP_HOST}^www.yourdomain.com[NC]
RewriteRule(.*)https://yourdomain.com/$1[L,R=301]

Redirect Subfolders to New Locations

A subfolder is a folder that exists within another folder on your site. For example, in “www.yourdomain.com/blog,” the “blog” part is a subfolder.

And you can redirect subfolders to different locations on your domain using the .htaccess file with this directive (using your URL paths):

RewriteEngineOn
RewriteRule^/?blog/(.\*)$/news/$1[R,L]

In the above example, any URL in the “blog” subfolder will be redirected to the “news” subfolder.

Redirect an Old Domain to a New Domain

You can also use the .htaccess file to redirect users from an old domain to a new one with this directive:

RewriteEngineOn
RewriteCond%{HTTP_HOST}^(?:www\.)?oldsite\.com$[NC]
RewriteRule^(.*)$https://newsite.com%{REQUEST_URI}[L,R=301]

This redirects both the www and the non-www versions of your domain to the new one.

Other Ways to Redirect URLs

There are other ways to redirect URLs if you don’t want to edit your .htaccess file.

First, run an audit of your site to see which pages may need redirects.

The Semrush Site Audit tool can identify those pages for you.

Within the Site Audit tool, enter your URL and click “Start Audit.”

Complete .htaccess File Tutorial: What It Is & How to Use It (17)

Configure your audit settings on the following page. Like how many pages you’d like to check during the audit. And how frequently you want to run the audit.

Click “Start Site Audit” after configuring your audit settings.

Complete .htaccess File Tutorial: What It Is & How to Use It (18)

When the audit is done, click “Issues” and look for “# pages returned 4XX status code.” Which means the server couldn’t reach those pages due to a client-side error.

Click the “# pages” to view each affected page.

Complete .htaccess File Tutorial: What It Is & How to Use It (19)

Review which pages you need to redirect. And which ones (if any) you’d prefer to keep as 404 errors.

You might indeed want a page to display a 404 error if you’ve deleted the page and there isn’t any relevant page to redirect users to.

To implement redirects for these pages on WordPress without editing your .htaccess file, you can use a plugin like Yoast.

Click “Yoast SEO” and “Redirects” in the left-hand toolbar after installing and activating the plugin.

Complete .htaccess File Tutorial: What It Is & How to Use It (20)

Select the type of redirect you want. We'll use 301 because we want to permanently redirect the old page to a new one.

Complete .htaccess File Tutorial: What It Is & How to Use It (21)

Enter the old URL slug—the last part of the URL—and the destination URL slug. And click “Add Redirect.”

Complete .htaccess File Tutorial: What It Is & How to Use It (22)

Lastly, test the URL by entering the old URL into your address bar to make sure it redirects to the new page. You may want to clear your cache first.

2. Load Custom 404 Error Pages with .htaccess

Your .htaccess file also lets you load custom 404 error pages—the page that shows when the server cannot find a webpage at that URL. This can happen when the page no longer exists or if someone enters an incorrect URL.

You might want a 404 page that reflects your brand, and perhaps gives users directions to relevant content or pages.

For example, our 404 page looks like this:

Complete .htaccess File Tutorial: What It Is & How to Use It (23)

First, create the page you’d like to load when someone encounters a 404 error.

Then, add this code to your .htaccess file:

ErrorDocument404/404-page.html

And update the path to reflect your custom 404 page’s path.

Your custom 404 page should then load any time someone visits a page on your site that doesn’t exist.

Other Ways to Create a Custom 404 Page

If you’re using WordPress, a plugin like the Smart Custom 404 error page can help you create a 404 page fairly easily.

Here’s how:

Install and activate the plugin when logged into your WordPress site. Then head to “Pages” and “AddNew Page.”

Complete .htaccess File Tutorial: What It Is & How to Use It (24)

Create and publish your custom 404 error page within the editor.

Complete .htaccess File Tutorial: What It Is & How to Use It (25)

After publishing your page, click “Appearance” and “404 Error Page” in the menu bar.

Complete .htaccess File Tutorial: What It Is & How to Use It (26)

Select your error page from the drop-down menu and click “Save Changes.”

Complete .htaccess File Tutorial: What It Is & How to Use It (27)

Test your 404 page by visiting a URL that doesn’t exist on your site. It should redirect to your new 404 page.

3. Force Your Site to Load with HTTPS Through .htaccess

Hypertext transfer protocol secure (HTTPS) encrypts communications between the browser and your website. Which secures data sent from the browser to the server.

Plus, HTTPS is a ranking signal. So, using it could have a positive impact on your rankings.

If your site has a secure sockets layer (SSL) certificate, you can force HTTPS instead of HTTP using your .htaccess file.

To do so, add these lines of code to your .htaccess file:

RewriteEngineOn
RewriteCond%{HTTPS}off
RewriteRule^https://%{HTTP_HOST}%{REQUEST_URI}[L,R=301]

Other Ways to Use HTTPS Instead of HTTP

Your host can often help you switch to HTTPS.

Some even provide one-click options to force HTTPS:

Complete .htaccess File Tutorial: What It Is & How to Use It (28)

So, reach out to your host for help setting up HTTPS if you don’t want to edit your .htaccess file.

4. Enable Password Protection with Your .htaccess File

You can enable password protection on your site—or specific areas of your site—using your .htaccess file.

This may be useful if you’re making site updates and only want certain people to access your site. Like your web designer.

You’ll need two files to password-protect your site: .htpasswd and .htaccess.

First, head to your website host’s file manager.

Add a new file outside your root directory. Name it “.htpasswd” and click “Confirm.”

Important: It’s best to place your .htpasswd file outside of your root directory as this may be more secure.

Complete .htaccess File Tutorial: What It Is & How to Use It (29)

Double click your .htpasswd file to open and edit it. This is where you’ll add a username and password needed to access your site.

Complete .htaccess File Tutorial: What It Is & How to Use It (30)

You then need to encrypt your passwords (for security purposes). A free tool like HTPasswd Generator will encrypt your password for you.

Just enter your username, password, and click “Generate .htpasswd file.” And copy the output.

Complete .htaccess File Tutorial: What It Is & How to Use It (31)

Paste the output in your .htpasswd file and save your file.

Complete .htaccess File Tutorial: What It Is & How to Use It (32)

Lastly, open your .htaccess file and add this directive:

#Passwordprotection
AuthTypeBasic
AuthName"RestrictedArea"
AuthUserFile/path/to/.htpasswd
Requirevalid-user

Make sure to change the path of the “AuthUserFile” line to the path of your .htpasswd file. And save the file.

Head to your website. Your site should display a prompt upon loading if the directive works.

Enter your username and password and click “Sign in” to access your site.

Complete .htaccess File Tutorial: What It Is & How to Use It (33)

Other Ways to Password-Protect Your Site

If you’re using WordPress, an easier way to set up password-protected pages is by using the platform’s native password protection functionality.

Log in to your site and head to the page or post you want to set up password protection for.

Next to “Visibility,” click on “Public.”

Complete .htaccess File Tutorial: What It Is & How to Use It (34)

Select the circle next to “Password protected” and enter the password you want to use. Then, exit out of the prompt and click “Update.”

Complete .htaccess File Tutorial: What It Is & How to Use It (35)

Now when someone tries to access the page, they’ll see something that looks like this:

Complete .htaccess File Tutorial: What It Is & How to Use It (36)

And they’ll need the password to access the content.

But this means you can only have one password for each page—you can’t have different passwords for different users.

For extra functionality, you may want to consider using WordPress plugins instead.

Common Performance Issues Associated with .htaccess

Keep these issues in mind if you decide to rely on your .htaccess file to make specific changes to your site.

Speed

Using many or very complex .htaccess files can impact your site’s performance. And cause it to run slowly.

Why?

Because Apache needs to read and interpret each directive every time a request is made to your server.

So, carefully consider what’s necessary to include in your .htaccess and what isn’t.

And keep it as concise as possible to avoid site performance issues. Since page speed is a ranking factor, you want your site to load fast.

While there’s no ideal length for an .htaccess file, one way to determine if your .htaccess file is impacting side speed is to run speed tests before and after making any .htaccess file changes.

Free tools like Google’s Page Speed Insights let you test page speed by entering a URL:

Complete .htaccess File Tutorial: What It Is & How to Use It (37)

You may need to speak with a developer to review your .htaccess file if your page loads slowly after making updates.

Security

Because .htaccess files let you redirect entire sites, someone who hacks your site can use the .htaccess file to redirect your site somewhere else.

So, check your .htaccess periodically for any directives you didn’t add.

Also maintain regular backups of your site. Ideally, your host will also do this for you, but you may want to keep your own backups as well.

That way, you can quickly revert your site to an older version (which includes the older version of your .htaccess file, too) if something happens.

Accessibility

Improperly configured .htaccess directives can lead to accessibility issues. Like incorrect redirects that don’t take people to the right page.

Users are more likely to leave your site (and potentially head to a competitor) if they can’t find the content they want.

So, it’s important to keep an eye on any technical issues that might arise from improperly configured .htaccess directives.

Spot Technical Issues on Your Site

Your .htaccess file allows you to make powerful changes to your site with relative ease.

But those edits can also cause unwanted errors.

Use Semrush’s Site Audit tool to help keep your site error-free when editing your .htaccess file.

Site Audit monitors errors and sends you regular updates, so you don’t need to worry about keeping track of them yourself.

Try it today.

Complete .htaccess File Tutorial: What It Is & How to Use It (2024)

FAQs

What is htaccess and how to use it? ›

htaccess file specifically configures how the server operates. Each function is represented by a line of text or code that instructs the server on what to do. You can modify the server's behaviour by adding or changing the code within the . htaccess file.

What should be in my .htaccess file? ›

. htaccess files (or "distributed configuration files") provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories thereof.

Where do I put a .htaccess file? ›

htaccess file should be placed in the web root directory specific to that particular website. If you followed the prerequisites, your web root directory will be in the following location: /var/www/ your_domain /. htaccess .

Is .htaccess necessary? ›

htaccess is not required for having a general website. That file simply allows you to make changes in the way your website behaves for example banning people from accessing your site or redirecting an old dead link to a new page. Some software like Wordpress requires settings in the . htaccess file (or httpd.

What is the benefit of using htaccess? ›

Advantages of using .htaccess file
  • Mod_Rewrite.
  • Authentication.
  • Custom Error Pages.
  • Mime Types.
  • SSI (Server Side Includes)
  • Redirects.
  • Restricting users based on IP.
  • Leveraging Browser Caching.

How to write a .htaccess file? ›

Having a dot in front of the name makes the file hidden. Use your preferred text editor, create a file named . htaccess on your desktop or any other local folder, add the desired text and then upload the file using an FTP client. Instructions on how to establish an FTP connection can be found here.

How do you modify your .htaccess file? ›

How To Edit An . htaccess File - Edit htaccess file in cPanel's File Manager
  1. Edit the file on your computer and upload it to the server via FTP.
  2. Use an FTP program's "Edit" mode that allows you to edit a file remotely.
  3. Use SSH and a text editor to edit the file.
  4. Use the File Manager in cPanel to edit the file.

What is the default .htaccess file? ›

The default WordPress . htaccess file is a configuration file used by Apache web servers to control website access and URL structure. It includes rules for WordPress permalinks and security settings to help prevent unauthorized access and protect against malicious attacks.

What language is a htaccess file? ›

. htaccess is written in Apache language. Directives is mere a terminology that Apache uses for the commands in its own configuration files.

How safe is htaccess? ›

htaccess could make your site less desirable to hack, or limit the damage that a hacker can do. htaccess files usually can not be accessed and this can be verified in the httpd file of the server, which should have a rule to deny access to htaccess files.

Is the htaccess file readable? ›

This directory contains an . htaccess file that is readable.

htaccess files are designed to be parsed by web server and should not be directly accessible. These files could contain sensitive information that could help an attacker to conduct further attacks. It's recommended to restrict access to this file.

How do I manually create a htaccess file? ›

htaccess file manually:
  1. Navigate to the WordPress root installation folder (public_html or www). ...
  2. Click the + File button in the upper-left corner to create a new file.
  3. Name the file . ...
  4. Open the file for editing.
Mar 20, 2024

Can I delete .htaccess file? ›

Open the Emergency Recovery Script, and use the password provided by the plugin to access it, Find the "Delete or Reset . htaccess" card, Click the button to delete or reset the file.

Where is the htaccess file located in Windows? ›

htaccess file located within the root directory of your website. If you are not sure what a root directory is, then please refer to our article about finding the root directory of your domain. Usually, this file will be hidden as it may be used to compromise your account.

What is the use of htaccess file in SEO? ›

6 uses of the . htaccess file in search engine optimization
  1. Creating user-friendly URLs with the .htaccess file. ...
  2. Allow or deny access to your website. ...
  3. Password protect directories. ...
  4. Improvement of indexing and crawling. ...
  5. Creating Redirects. ...
  6. Faster Page Speed.

How do I edit a htaccess file? ›

Right-click on the file, then click on Edit from the menu. A dialogue box may appear asking you about encoding; just click on the Edit button to continue. The editor will open in a new window. Edit the file as needed, then click the Save Changes button.

Where is the .htaccess file located in Windows? ›

You will typically find the . htaccess file located within the root directory of your website. If you are not sure what a root directory is, then please refer to our article about finding the root directory of your domain. Usually, this file will be hidden as it may be used to compromise your account.

Top Articles
Latest Posts
Article information

Author: Trent Wehner

Last Updated:

Views: 6217

Rating: 4.6 / 5 (56 voted)

Reviews: 95% of readers found this page helpful

Author information

Name: Trent Wehner

Birthday: 1993-03-14

Address: 872 Kevin Squares, New Codyville, AK 01785-0416

Phone: +18698800304764

Job: Senior Farming Developer

Hobby: Paintball, Calligraphy, Hunting, Flying disc, Lapidary, Rafting, Inline skating

Introduction: My name is Trent Wehner, I am a talented, brainy, zealous, light, funny, gleaming, attractive person who loves writing and wants to share my knowledge and understanding with you.