We are performing maintenance on our clinet area https://my.hostafrica.com/ : Maintenance window from 11AM 03/07/2022

4 .htaccess tips and tricks for your website

The .htaccess file is one of the most important pieces of your website. It’s used in conjunction with the Apache Web Server software to execute or disable features offered by the software. By design, it’s both a blessing and a curse depending on how you set up the file.

Unless you’ve created a website from scratch, every major piece of open source software, such as Joomla or WordPress, will include a .htaccess, though most systems have it disabled by default. In general, it is placed in the ROOT folder, which allows it to control every file and subfolder under it, so basically your entire website.

The file can be created with a plain text editor, such as notepad or notepad++. Other word processors, such as Microsoft Word, will add additional coding to the file, which will cause problems.

It also has to be named .htaccess and not file.htaccess as it’s not an extension. When uploading it to your website, be sure to set its permissions to 775 and create it in ASCII mode, otherwise, it won’t function correctly.

Error redirects

Instead of your website displaying stock standard error pages generated by Apache Web Server, you can create unique ones that are more user-friendly. In the .htaccess file, create the following code:

ErrorDocument 404 /errors/error404.html

This tells the server software that if a user hits a 404 error page, which means that the page cannot be found, it should display the error404.html file in the errors directory of your website.

You can have a range of these in your .htaccess file, which will display per error message. For example:

ErrorDocument 404 /errors/error404.html
ErrorDocument 500 /errors/error500.html

Redirects through htaccess

Redirects are useful if you have moved website content and need to push the user in the right direction. Creating a .htaccess rule for this requires that you have the location of the old content as well as the new location as well.

Redirect /old_site/ http://yoursite.co.za/content/index.html.

The word “redirect” gives the Apache Web Server that command and that it’s for content in the /old_site/ folder. The user is then sent to where the new content is created at http://yoursite.co.za/content/index.html.

Password Protection

While software such as WordPress includes user authentication for logging in, it’s useful to further secure the admin login page, or just any important page on your website. This rule requires the user to have a login name and password, otherwise, the Apache Web Server won’t let them access it.

For password protection, you will need two different files. The first is .htaccess, which will hold several key values. The second is the .htpasswd, which will store all of the username and password information.

AuthName “Website Login”
AuthUserFile /user/password/.htpasswd
AuthType Basic
require valid-user

The AuthName states what the password is, which will show when it prompts the user. The second line states where the password details are kept, while the third states which kind of application, and the file line allows the login if the user is valid.


While the password file can be placed anywhere, it should ultimately be in a folder that isn’t accessible to the public.

Hotlink Prevention

The .htaccess file is able to tell the Apache Web Server to disallow other websites from using your content. An interesting way of doing this is to disallow the use of images, and instead, replace them with something else. The ‘mod_rewrite’ needs to be enabled on the server in order for this to work.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://www.yourdomain.com/hotlink.jpg [R,L]

This example tells the server the disallow any domain that isn’t yours from accessing .gif and .jpg files, and instead send a different image their way.



Share this article: