.htaccess: What it is and how to use it to get the most out of it

htaccess Work Useful
Last updated:

Perhaps you have already heard about this term, but you do not finish understanding in depth what .htaccess is and what are the functionalities that it allows on websites of all kinds.

Although the arrival of content management systems [CMS] such as WordPress or Prestashop has made the task of creating online sites much easier, if you really want to become a versatile webmaster, you must have certain notions about CSS programming and web servers.

Especially in order to keep your site safe and sound from cyberattacks.

But don’t worry, in this article you will learn what .htaccess means, how this file works, as well as some very useful tricks that, using the .htaccess, will provide you with really interesting features. We started!

The .htaccess file is short for HyperText Access”, or what is equivalent to “hypertext access”. Basically, it is a configuration file that contains certain directives or commands to define the behavior of a software.

In this case, it is Apache server software.

The main tasks of this .htaccess file are three:

  • Indicate at all times what the user who visits your website is allowed to do and what the user who visits your website is prohibited from doing.
  • Create a standard protocol for server behavior in the event of possible connection failures or other problems.
  • Improve the loading speed of your blog pages.

Actually, this file, which as you will see later does not reach the kb [KiloByte] of weight, can be key to carry out many functions in the server of your web page.

Which also hides a series of risks, of which you must be aware at all times, so as not to compromise confidential information on your site.

You will discover them soon!

· How does the .htaccess work?

As we have just seen, the .htaccess is in charge of giving the commands to the Apache server of your web page. Basically, what is reflected in this document will be executed by the server software.

On the other hand, you should also know that, depending on the location where you insert the htaccess, you will be able to modify a specific part [directory] or the entire site as a whole.

I give you two examples:

  • .Htaccess file inserted in the root directory of the web page -> The instructions will be applied to the entire web
  • .Htaccess file inserted in a specific folder on your website -> The guidelines will only be applied to the content of that folder, as well as the subfolders that are hosted in it.

Before we begin to explain how htaccess works, we must make a little clarification about the Apache server.

Apache is a software that is responsible for “serving” or displaying the information housed in some folders and making them available to any online user.

Once this data has been clarified, let’s go on to know the operation of the hypertext access file.

Basically, every time an Internet user enters your page, the Apache server, installed on your web server, directs them to the home page that you have indicated in it. Easy.

If there is an error on the server , such as a damaged file, Apache will consult the .htaccess again and redirect the user to a page with a 404 error code. Because this is the guideline that you have been given since this document.

Ultimately, the server follows a series of protocols based on guidelines set by the .htaccess file and, depending on the response, directs your web surfers to one site or another.

Interesting, right?

Interesting features 

As you have seen, with .htaccess we can make the server “redirect” the traffic to practically any point that we request.

For this reason, it is also possible to use this file for the following tasks:

  • Personalized protection – Restrict access to certain directories on the web or block certain IPs.
  • Redirect Erorr Codes – Send traffic that ended up on a page not found [404] to a custom screen
  • Reduce load time – By instructing the server what to load first or how to load it.
  • Organize traffic more efficiently – It allows users to automatically send users from subdomains hosted on the website to certain directories, much more easily and effectively. Allowing to play as if it were several independent websites.

We will leave you the best commands so that you can also carry out these functions in your .htaccess, but before you make any changes to your online site, we must make a big warning.

Important Notice

By accessing the .htaccess file you are entering the heart of your online site. And as if it were an open heart operation, the risks are very high.

Bluntly, any failure to enter the commands in the .htaccess files will cause the Apache server to be unable to understand them and your website to stop working.

In this case, the software server will not be able to display any information since the information you have provided is wrong. You run the risk of losing all the information on your online site.

Of course, now comes the good news.

You can make backup copies of all the folders on your website, also the original .htaccess copies, so that, in the event of an unexpected error, you can restore it and make your website look exactly the same as before.

Not only can you, but you must. And also make sure that those copies are made correctly.

On many occasions we believe that the backups are being carried out in order, but when the web really fails, and we are going to access them, we realize that they also contain failures and we do not have access to the previous information.

Therefore, always with protection, always with backup and always with verification of the same.

increase your web security with htaccess

Improve the security of your website from the .htaccess

The first area in which htaccess can help you is cybersecurity. For newbies, we recommend reading this complete guide on WordPress security first.

Today, a simple web page can host a business that generates thousands of dollars, so, just as you would protect your home or physical store, the web is an element that you must take care of.

And thanks to the enormous control that the .htaccess file has over the Apache server, you will be able to modify various parameters so that it acts in the safest way possible.

Here are some of the best practices with their corresponding .htaccess commands to better protect your site online.

Shield the .htaccess file itself

If you don’t want any intruder to be able to modify your .htaccess file, you must insert this command that activates its protection.

No one else will be able to access its files. Just copy and paste it as it is below:

<files .htaccess>

order allow, deny

deny from all

</files>

Block access to web directories 

A very widespread use of this hypertext access file is to block access to certain directories on the web page, or to the entire site as a whole.

You can also do it for certain types of specific users, who will not be allowed to enjoy the content by the server and will receive an error message or other personalized settings.

 deny from all

⫸ Avoid and block bots from .htaccess

Another of the most widespread uses is to manage the different access options to your online site.

That is, if the server detects a suspicious activity or IP, which is saturating the system, you can automatically block said IP and protect the system from collapsing.

This is the way spam bots behave, so with the following command, you can combat them 100% automatically. Change the XXX to the specific IP address you would like to block. On the internet you will find lists of malicious IPs:



Order deny, allow

Allow from All

Deny from XXX.XXX.XXX.XXX

Deny from XXX.XXX.XXX.XXX

Fight Hotlinking

The Hotlink technique is widely known in the Black Hat SEO world and, basically, consists of an external website showing a video or photo that is hosted on your server.

For the user of the other online site, it will be an original resource of this page, but in reality it is accessing your server to consume it, so it is occupying on your own server. At the risk of collapsing it.

They are taking advantage of your resources completely free of charge. To avoid this, copy this .htaccess command into your file:

RewriteEngine on RewriteCond% {HTTP_REFERER}! ^ $

RewriteCond% {HTTP_REFERER}! ^ Http: // (www \.)? yourdomain \ .com /.*$ [NC]

RewriteRule. * \. (Jpg | gif | bmp | png | mp4) $ [L]

In the last line you can enter as many photo, audio and video formats as you want.

Make different types of redirects from the htaccess 

Among the whole range of configurations that you can make on the Apache server, there is also, how could it be otherwise, the redirection of traffic from the entire site or from a certain directory to certain parts of the web.

These features may help you improve your online site.

Go from domain with WWW to one without WWW

The following command for htaccess that we bring you is used to permanently abandon your old domain that begins with www and switch to one without these initials.

You could also carry out this process using a 301 redirect, but the chances of it causing confusion and not being implemented on all sites on the web is much higher.



RewriteEngine on

Options + FollowSymLinks

RewriteCond% {HTTP_HOST} ^ www \ .yourdomain \ .com $ [NC]

RewriteRule ^ (. *) $ Http://yourdomain.com/$1 [R = 301, L]

Redirect traffic from your old website to the new one 

Using this hypertext access file, you can also send all incoming traffic from your old website to the new one.

You just have to paste the following command in the .htaccess of your old online site:



RewriteEngine On

RewriteRule ^ (. *) $ Http://yournewdomain.es/$1 [R = 301, L]

Custom 404 error pages

Surely you are also fed up with the boring pages that appear when a 404 error code pops up. A broken URL or bad files that prevent it from displaying normally.

If you want that every time this error appears on your site, your web page shows your personalized 404 page, you must give it the instruction from the .htaccess.

Include the .html file of your page in the files the following path> errors and paste this code pointing to the custom page with the name you have chosen.

            ErrorDocument 404 /errors/yourpage404.html

Optimize and increase the speed of your website

The last series of commands aims to make your page load faster and smoother. And it is that this fact, as you can imagine, depends, to a large extent, the web server of the page and its configuration.

Without further ado, I leave you with some interesting tricks to apply with your .htaccess.

Compress web files

Anything that is lightening the weight and load of the web server will translate into an improvement in its performance and speed.

On the other hand, if you take into account that the majority of users who will access your website will do so from their mobile phone, with limited data, this optimization is even more necessary.

The following command will allow you to compress the files that make up your website in order to consume less resources during loading.


AddOutputFilterByType DEFLATE text / plain

AddOutputFilterByType DEFLATE text / html

AddOutputFilterByType DEFLATE text / xml

AddOutputFilterByType DEFLATE text / css

AddOutputFilterByType DEFLATE application / xml

AddOutputFilterByType DEFLATE application / xhtml + xml

AddOutputFilterByType DEFLATE application / rss + xml

AddOutputFilterByType DEFLATE application / javascript

AddOutputFilterByType DEFLATE application / x-javascript

You can add as many formats as you consider appropriate. Of course, the backup is not listed in case one of them stops working properly.

Activate the image cache

Our last command is specially designed for those sites that have many photos and videos , in which your web server does not work very smoothly.

Your solution is to get your visitors’ browser to save a cache of these graphic resources and, the next time they visit you, the loading of images will be much faster.



<FilesMatch "\. (Ico | jpg | jpeg | png | gif) $">

Header set Cache-Control "max-age = 2592000, public"

</FilesMatch>

With the new General Data Protection Law, any website that performs user cache storage practices must notify them and that they accept this practice. So we recommend that you inform yourself in depth about this aspect.