On servers that use Apache, a .htaccess file lets you control high-level website configuration without having to edit your server configuration files. You can even apply different settings to different directories by using multiple .htaccess files. You can theoretically create a .htaccess file in any directory on your server, by creating and uploading a plain text file.
Generally, you want to minimize the number of .htaccess files on your server because too many configurations can slow your server down. When your server sees a .htaccess file in a directory, it looks for .htaccess files in all the parent directories, too, increasing server resource usage. .htaccess files that are higher up in the file path always take precedence.
Apache is configured so all files named .htaccess are hidden. These files have important configuration information and can be used to compromise your server.
The most common uses for .htaccess are:
- redirecting URLs to be more easily readable (e.g., mysite.com/product/shirt instead of mysite.com/prodid=1234)
- loading custom error pages (e.g., 404 pages)
- forcing your site to use https instead of HTTP.
- password protecting certain directories
- preventing hotlinking
Using .htaccess files is a powerful tool for managing your server, but it can be tricky. Make sure you are familiar with making changes to your server before you start editing .htaccess files. Before making any changes to configuration files, we strongly recommend you take a backup of the file.