The .htaccess file is a very powerful tool on your cPanel or Apache-based hosting and acts as a configuration file for various items. It is super handy for setting up things like redirects, error pages, additional security and much more.
One thing to note: if you can't locate this file on your first go, whether on your Mac, in your FTP program or in the cPanel file manager, try showing hidden files and it should appear for you.
Initial Settings
Firstly, let's set some default options for the file. These can go at the very top of your .htaccess file.

    Options +FollowSymLinks
    RewriteEngine On
    RewriteBase /
Site Redirect of non-www to www version
It is a Google recommendation that only one version of your site (either with or without the www) is available, and that the unwanted version correctly redirects users with a 301 redirect.

    # any requests to the non-www domain should be transferred to the www. version
    RewriteCond %{HTTP_HOST} !^www\.
    RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Redirect to HTTPS as well
If your website hosting has a security certificate (SSL) installed, then it would be best to make use of this and also redirect users to the https:// version of the site in a similar manner to above. Add the code below in addition to the above to ensure all users hit the secure https version of your site.

    # if this is a secure site, transfer to HTTPS version as well
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Adding Some Basic Security
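There are some quick security holes that can be plugged by just a few lines in the .htaccess file. The code below stops visitors from browsing your directory structure (something hackers will target to find out more about your website structure) and prevents the .htaccess file and other configuration files, which may contain important database passwords, from being viewed.

    # turn off directory browsing
    # (only "-Indexes" is needed; Apache 2.4 rejects an Options line that
    # mixes a bare keyword such as "All" with +/- keywords)
    Options -Indexes

    # prevent viewing of the .htaccess file
    # (on Apache 2.4 without mod_access_compat, use "Require all denied"
    # in place of the Order/Deny pair)
    <Files ".htaccess">
        Order allow,deny
        Deny from all
    </Files>

    # prevent viewing of the config file
    # (<Files> matches the file name only, so give it config.php rather than
    # a path such as /includes/config.php, which would never match)
    <Files "config.php">
        Order allow,deny
        Deny from all
    </Files>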
A custom 404 error page
In the event a page cannot be found, your web server will return a default 404 message, which may look a little bland. Adding the line below will instead return a file of your choice.

    # 404 Not Found error page
    ErrorDocument 404 /files/404.php
301 Redirects
When launching a new site, an important step is to ensure the previous URLs link to the current pages to avoid lost traffic or Google rank. 301 redirects in your .htaccess file perform this task well.
Simply add the old page first, as a path without any domain name and starting with a slash (/pages/contact-us.html shown below), then, separated by a space, the full URL of the new location (https://www.yourwebsite.com/contact/).

    # Sample 301
    # (the old path must begin with a slash; Apache does not accept a relative path here)
    Redirect 301 /pages/contact-us.html https://www.yourwebsite.com/contact/
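
A quick way to check an .htaccess file before uploading it, given here as an added example that is not part of the original article: the script below looks for three mistakes that are easy to make with the directives covered above. The function name audit_htaccess and the sample file contents are constructed for illustration.

```python
import re

STATUS_WORDS = {"permanent", "temp", "seeother", "gone"}

def audit_htaccess(text):
    """Return (line_number, message) findings for the text of an .htaccess file."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        name, args = parts[0].lower(), parts[1:]

        # Apache 2.4 treats an Options line that mixes +/- keywords with
        # bare keywords as a syntax error.
        if name == "options":
            signed = [a for a in args if a[0] in "+-"]
            if signed and len(signed) != len(args):
                findings.append((no, "Options mixes +/- and bare keywords"))

        # <Files> is matched against the file name only, so an argument with
        # a directory in it never matches and the file stays readable.
        m = re.match(r'<Files\s+"?([^"\s>]+)"?\s*>', line, re.I)
        if m and "/" in m.group(1):
            findings.append((no, "<Files> argument contains a path"))

        # mod_alias requires the old URL-path of Redirect to start with "/".
        if name in ("redirect", "redirectpermanent", "redirecttemp"):
            if args and (args[0].isdigit() or args[0].lower() in STATUS_WORDS):
                args = args[1:]  # skip the optional status argument
            if args and not args[0].strip('"').startswith("/"):
                findings.append((no, "Redirect source must start with /"))
    return findings

# Constructed sample input (not taken from a real site).
SAMPLE = """\
Options All -Indexes
<Files /includes/config.php>
    Require all denied
</Files>
<Files ".htaccess">
    Require all denied
</Files>
Redirect 301 pages/contact-us.html https://www.example.com/contact/
Redirect 301 /pages/about.html https://www.example.com/about/
"""

if __name__ == "__main__":
    for no, msg in audit_htaccess(SAMPLE):
        print(f"line {no}: {msg}")
```

On the sample it reports lines 1, 2 and 8; a clean file returns an empty list.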