.htaccess Useful Code


Useful code for use with your .htaccess configuration file.


Logging Errors Using .htaccess

  1. Create and upload a .htaccess to your domain.
  2. Stop PHP errors from displaying on your website by adding the following lines to your .htaccess file.
  3. # Do not display PHP error messages
    php_flag display_startup_errors off
    php_flag display_errors off
    php_flag html_errors off
  4. Enable PHP error logging and specify your php_error.log by the following lines to your .htaccess file.
  5. # enable PHP error logging
    php_value error_reporting INSERT_VALUE_HERE
    php_flag log_errors on
    php_value error_log /hsphere/local/home/USERNAME/php_error_your_domain.log

    INSERT_VALUE_HERE
    The value used defines the level or error reporting you require, for example:

    • -1 = ALL errors, not recommended but can be useful when used sparingly.
    • 30719 = Same as E_ALL, less info than -1
    • 30711 = E_ALL but not E_NOTICE
    • 30709 = E_ALL but not E_NOTICE or E_WARNING
    • 22517 = E_ALL but not E_NOTICE or E_WARNING or E_DEPRECATED


    Please ensure that the path used in ‘php_value error_log’ is correct, you can find this from within your control panel under FTP/User Account > FTP User > Home Directory.

  6. Create the php_error_your_domain.log file.
  7. Depending on the PHP mode your site is running:
    • PHP libPHP mode you will need to give this file world writeable/777 permissions using your FTP client.
    • PHP FastCGI mode is recommend as you do not have to open additional permissions (FTP uploaded files will have 644 permissions by default).

Password Protecting Directories using .htaccess

Steps to Take

  1. Create a file named passwordhash.php and add the following code to it:
  2. <?php
    // Password to be encrypted for a .htpasswd file
    $clearTextPassword = 'your_password_here';
    
    // Encrypt password
    $password = crypt($clearTextPassword, base64_encode($clearTextPassword));
    
    // Print encrypted password
    echo $password;
    ?>
    

    Where your_password_here is replaced with the password you wish to use.

  3. Upload the file to your domain via FTP
  4. Visit the page you just created and make a copy of the hash.
  5. Open a text editor such as Notepad++ and add the following: user_name_here:hash_here
  6. Your .htpasswd contents should look similar to the following

    admin:cRgFGHqwey3sS
    

  7. Save the file as .htpasswd (Please ensure that you have the file type set to All types) and upload it to your domain via FTP.
  8. Create and upload a .htaccess to your domain.
  9. Add the following contents to the file:
  10. AuthType Basic
    AuthName "Password Protected Area"
    AuthUserFile /hsphere/local/home/YOUR_ACCOUNT_USERNAME/YOUR_DOMAIN/.htpasswd
    Require valid-user
    

    Replacing YOUR_ACCOUNT_USERNAME & YOUR_DOMAIN respectively.

  11. Delete the passwordhash.php you created earlier on.

That’s it, visiting your domain should now prompt you for a username and password


Canonical (preferred) 301 redirect with a .htaccess file

  1. Create and upload a .htaccess to your domain.
  2. Insert the following code into your .htaccess file.
  3. RewriteEngine On
    RewriteCond %{HTTP_HOST} !^www\.
    RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
    

Setting a new document root with .htaccess

  1. Create and upload a .htaccess to your domain.
  2. Place the following code within your .htaccess file replacing example.com with the relevant domain.
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^example.com$ [NC,OR]
    RewriteCond %{HTTP_HOST} ^www.example.com$
    RewriteCond %{REQUEST_URI} !public/
    RewriteRule (.*) /public/$1 [L]
    

Redirecting HTTP to HTTPS using .htaccess

  1. Create and upload a .htaccess to your domain.
  2. Place the following lines into the .htaccess file.
  3. RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
    

Blocking Referer Link Spam with .htaccess

  1. Create and upload a .htaccess to your domain.
  2. Add the following lines to your .htaccess file, replacing example1.com & example2.com with the relevant domains.
  3. RewriteEngine on
    RewriteCond %{HTTP_REFERER} mygreatproduct.com [NC,OR]
    RewriteCond %{HTTP_REFERER} anothergreatproduct.com [NC]
    RewriteRule .* - [F]
    

Using a .htaccess File to Block IP Addresses

  1. Create and upload a .htaccess to your domain.
  2. Place one of the sets of code below with the relevant IP addresses changed.
  3. Blocking Specific IP Addresses

    order allow,deny
    deny from 192.168.1.1
    deny from 192.168.1.2
    deny from 192.168.1.3
    allow from all
    

    Blocking Subnets, ISPs or Hostnames

    order allow,deny
    deny from someisp.co.uk
    deny from 192.168.
    allow from all
    

    Deny All, But Allow Specific IPs or Networks

    order deny,allow
    deny from all
    allow from 192.168.1.1
    

Enabling Gzip with a .htaccess File

  1. Create and upload a .htaccess to your domain.
  2. Insert the following code into your .htaccess.
  3. #Gzip
    php_flag zlib.output_compression on
    AddOutputFilterByType DEFLATE text/text text/html text/plain text/css text/xml application/x-javascript application/javascript text/javascript
    #End Gzip
    

Leverage Browser Caching with .htaccess

  1. Create and upload a .htaccess to your domain.
  2. Add the following code, with any time lengths changed.
    <IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access 1 year"
    ExpiresByType image/jpeg "access 1 year"
    ExpiresByType image/gif "access 1 year"
    ExpiresByType image/png "access 1 year"
    ExpiresByType text/css "access 1 month"
    ExpiresByType text/html "access 1 month"
    ExpiresByType application/pdf "access 1 month"
    ExpiresByType text/x-javascript "access 1 month"
    ExpiresByType application/x-shockwave-flash "access 1 month"
    ExpiresByType image/x-icon "access 1 year"
    ExpiresDefault "access 1 month"
    </IfModule>
    

Removing File Extensions using a .htaccess File

  1. Create and upload a .htaccess to your domain.
  2. Add the following code to your .htaccess file. This can be edited further to include other extensions such as .php by copying the RewriteRule lines and replacing .html with another extension.
  3. RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^([^/]+)/$ $1.html
    RewriteRule ^([^/]+)/([^/]+)/$ /$1/$2.html
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/)$
    RewriteRule (.*)$ /$1/ [R=301,L]
    

Stop Image Hot-Linking via a .htaccess File

  1. Create and upload a .htaccess to your domain.
  2. Add the following code to your .htaccess file.
  3. RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www.)?domain.co.uk(/)?.*$ [NC]
    RewriteRule .*.(gif|jpg|png)$ http://www.domain.co.uk/nohotlinking.png [R,NC]
    

Block Spidering using a .htaccess File

  1. Create and upload a .htaccess to your domain.
  2. Add the following code with the relevant parts replaced.
  3. RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} ^searchbot1 [OR]
    RewriteCond %{HTTP_USER_AGENT} ^searchbot2 [OR]
    RewriteCond %{HTTP_USER_AGENT} ^searchbot3
    RewriteRule ^(.*)$ http://www.yourSite.com/goAway.html
    


    Or alternatively

    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} ^searchbot1 [OR]
    RewriteCond %{HTTP_USER_AGENT} ^searchbot2 [OR]
    RewriteCond %{HTTP_USER_AGENT} ^searchbot3
    RewriteRule ^(.*)$ http://www.someOtherWebsite.com/ [R, L]
    

Block Visitors From Specific Referring Sites

  1. Create and upload a .htaccess to your domain.
  2. Add the following code.
  3. RewriteEngine on
    RewriteCond %{HTTP_REFERER} site-to-block.com [NC]
    RewriteCond %{HTTP_REFERER} site-to-block-2.com [NC]
    RewriteRule .* - [F]
    

Prevent Users Accessing Log Files via the Web Browser

  1. Create and upload a .htaccess to your domain.
  2. Add the following with NAME_OF_ERROR_LOG.log replaced with your log file name.
  3. <Files NAME_OF_ERROR_LOG.log>
    Order allow,deny
    Deny from all
    Satisfy All
    </Files>
    

Implementing Custom Error Message Pages using .htaccess

  1. Create and upload a .htaccess to your domain.
  2. Implement the following code with the specific error documents you have set up.
  3. ErrorDocument 403 /somePage1.html
    ErrorDocument 404 /somePage2.html
    ErrorDocument 500 /somePage3.html
    

Protecting WP-Admin with .htaccess

  1. Create and upload a .htaccess to your domain.
  2. Make a note of your IP Address.
  3. Add the following code into your .htaccess with 192.168.0.1 with you IP Address.
  4. <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
        RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
        RewriteCond %{REMOTE_ADDR} !^192.168.0.1$
        RewriteRule ^(.*)$ - [R=403,L]
    </IfModule>
    

Enable/Disable Directory Browsing using a .htaccess File

  1. Create and upload a .htaccess to your domain.
  2. To Enable Directory Browsing add the following code.
  3. Options +Indexes
    ## block a few types of files from showing
    IndexIgnore *.wmv *.mp4 *.avi
    
  4. To Disable Directory Browsing add the following code.
  5. Options All -Indexes
    

Redirecting to another domain using your .htaccess file

  1. Create and upload a .htaccess to your domain.
  2. To Redirect to another domain add the following code.
  3. RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_HOST} ^OLDDOMAIN\.com$ [NC]
    RewriteRule ^(.*)$ http://NEWDOMAIN.com [R=301,L]
    

    Simply replace the OLDDOMAIN.COM & NEWDOMAIN.COM with your respected domains.