A Starting Point .htaccess File For New Websites Explained

The .htaccess file is a very powerful tool on your cpanel or apache based hosting and acts as a configuration file for various items. It is super handy to setup things like redirects, error pages, additional security and much more.

One thing to note, if on your first go, you can’t locate this file, either on your Mac, FTP program or Cpanel file manager, try showing hidden files and it should appear for you.

Initial Settings

Firstly, lets set some default options for the file, this can go at the very top of your .htaccess file.

Options +FollowSymLinks
RewriteEngine On
RewriteBase /

Site Redirect of non-www to www version

It is a Google recommendation that only one version (either the with or without the www) of your site is available and the unwanted version correctly redirects users with a 301 redirect.

# any requests to the non-www domain should be transferred to the www. version
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Redirect to HTTPS as well

If your website hosting has a security certificate (SSL) installed, then it would be best to make use of this and also redirect users to the https:// version of the site in a similar manner to above. Add the below code in addition to the above to ensure all users hit the https, secure version of your site.

# if this is a secure site, tranfer to HTTPS version as well 
RewriteCond %{HTTPS} off 
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Adding Some Basic Security

There are some quick security holes that can be plugged by just a few lines in the .htaccess file. The below code will stop users being able to view all of your directory structure (something hackers will target to find more about your website structure) and safeguard against the .htacesss and other configuration files that may contain important database passwords from being viewed.

#turn off directory browsing
Options All -Indexes

#prevent viewing of the .HTACCESS
<Files .htaccess>
order allow,deny
deny from all

#prevent viewing of the config file
<Files /includes/config.php>
order allow,deny
deny from all

A custom 404 error page

In the event a page cannot be found, your web server will return a default 404 message, which may look a little bland. Adding the below line will instead return a file of your choice.

#404 Not Found error page
ErrorDocument 404 /files/404.php

301 Redirects

When launching a new site, an important step is to ensure the previous urls link to the current pages to avoid lost traffic or Google rank. 301 redirects in your htaccess file perform this task well.

Simply add the old page first, in a relative format, so without any domain name (pages/contact-us.html shown below) then separated with a space the full new location url (

#Sample 301
Redirect 301 pages/contact-us.html