Learn How To Use .htaccess For Blog Redirects + Password Protections

Disclosure: Your support helps keep the site running! We earn a referral fee for some of the services we recommend on this page. Learn more

Sharing is caring!

Last Updated on June 26, 2019

Blogging successfully requires a menagerie of skills. Just to name a few, you need competent writing skills, knowledge of SEO, CMS familiarity (like WordPress), and the ability to find your way around an FTP panel. Sometimes, however, a blogger is also called to step into the slightly terrifying arena of writing code.

Even though blogging applications like WordPress give you tools, sometimes you need more control than they offer. In these cases, you’ll need to become familiar with the web server file called .htaccess.

What Is .htaccess?

If your blog is hosted on a web server running Apache, you might recall seeing a file called .htaccess in your blog’s web root folder. (The root folder is usually named Public_HTML or www.)

The .htaccess file’s name is short for “Hypertext Access” and it acts kind of like a bouncer at a nightclub. It controls who has access to the files and directories on your blog as well as making sure that requests to the server are handled correctly for the directory tree in which its located.

What Does .htaccess Do?

Back in the early days of the internet, before Content Management Systems (CMS) existed, the .htaccess file was used to restrict access to a server’s directories. Today, it’s still used for access restriction but it’s also used in other ways — like for redirects.

The .htaccess file also does other nifty stuff, but we’re only going to talk about redirects and password protection in this post. (You can find resources to learn more about .htaccess at the bottom of this post.)

Don’t Forget the Punctuation

Note that the file name for .htaccess starts with a period — like the punctuation that comes at the end of this sentence or between a file name and its extension. That’s because it’s considered a system file which is normally hidden to protect it from accidental tampering. Remember the initial period punctuation when you make or restore backups of the file.

How to Redirect Error Codes 301 and 302

Bloggers can typically use plug-ins to their CMS to interpret URL redirect messages and route them correctly. However, knowing how to change the .htaccess file for redirects is a handy skill. If your blog is throwing up error codes 301 (permanently moved) or 302 (temporarily moved) because you’ve reorganized your blog, you can edit the .htaccess file to fix the problem.

Since 301 is by far the most common error so we’ll use it in our examples — but the same rules apply if you’re fixing a 302 error.

Redirect Coding Examples

Here’s the line of code you need to add to the .htaccess file to redirect a web page to a different location:

Redirect 301 /relative-url.html http://example.com/full-url.html

Here’s how to make sense of the command above:

  1. Redirect command = [Redirect][space]
  2. The code for the type of redirect = [301][space]
  3. Relative URL of the original page = [/relative-url.html][space]
  4. Complete URL of the new page = [http://example.com/full-url.html]

The “relative URL” is in relation to the directory which contains the .htaccess file you’re editing; it’s usually in the root directory of your blog. So if the page you want to move is http://mydomain.com/bloghome.htm then the relative URL would be /bloghome.htm.

The “complete URL” is the full web address of the newly-moved page, just as it would appear in your browser’s URL bar. So, if you moved the page above to an archive directory, your command line might look like this:

Redirect 301 /bloghome.htm http://mydomain.com/archives/bloghome.htm

Redirect an Entire Directory or Site

The above example shows how to redirect a single page of your blog. Now, in the case of a blog archive, it would be pretty onerous to move every page one by one with its own line in the .htaccess file. No worries. You can move an entire directory to another location like so:

Redirect 301 /current-blog http://mydomain.com/archive

What if you’ve moved your blog to an entirely new domain? As long as you keep the subdirectories the same, it’s pretty easy to redirect everything by simply entering a slash where the relative URL would normally go:

Redirect 301 / http://mynewblog.com

How to Password Protect Directories

To control directory access by username, follow these steps:

  1. Create an .htpasswd file, populate it using a plain text editor, and upload it via FTP or file manager. Don’t forget the leading period!
  2. Upload the .htpasswd file to a directory that isn’t publicly accessible – e.g., a folder above your Public_HTML or www directory.
  3. With your list of usernames and passwords handy, use a utility like Aspirine.org to encrypt the passwords. Just copy and paste the output into your .htpasswd file.
  4. Next, add the following code to your .htaccess file such that you replace “johnsmith” and “janedoe” with actual user names from your .htpasswd file.

AuthUserFile /usr/local/etc/.htpasswd
AuthName "Name of Secure Area"
AuthType Basic
<Limit GET POST>
require user johnsmith
require user janedoe

Grouping Users for Access Control

Restricting access by groups with different profiles can make your life a little easier because you don’t need one line for every user in your .htaccess file.

Create a file called .htgroups with a row per group, separating usernames with spaces, like so:

admin: johnsmith janedoe
staff: jackdoe cindysmith

Then designate access for the groups in your .htaccess file using the relative paths to the password and group files, as below. (Change the “etc” in the paths below to the relative directory where each file is housed.)

AuthUserFile /usr/local/etc/.htpasswd
AuthGroupFile /usr/local/etc/.htgroup
AuthName "Admin Area"
AuthType Basic
<Limit GET POST>
require group admin

Other things you can do with .htaccess files

If monkeying around with coding sounds interesting to you, here are some other things you can use the .htaccess file for:

  • Getting creative with your “404 Not Found” page
  • Whitelisting or blacklisting IP addresses or domain names
  • Blocking hotlinks, malicious bots, and crawlers

Additional Resources

We’ve only given you a streamlined idea of what you can do with .htaccess files. Here are some additional resources, including in-depth documentation:


It’s good practice to try dealing with redirects and password protection via your blogging application first. But if necessary, you now have the skill to use the .htaccess file to have more direct control.

Natalie has been blogging since before the word “blog” existed. Her work has been published on Engadget, Laptopmag.com, Tom’s Guide, and About.com. She lives in Southern California with her husband, their feline-American children, and a banjo.