Learn How To Use .htaccess For Blog Redirects + Password Protections
Sharing is caring!
Blogging successfully requires a menagerie of skills. Just to name a few, you need competent writing skills, knowledge of SEO, CMS familiarity (like WordPress), and the ability to find your way around an FTP panel. Sometimes, however, a blogger is also called to step into the slightly terrifying arena of writing code.
Even though blogging applications like WordPress give you tools, sometimes you need more control than they offer. In these cases, you’ll need to become familiar with the web server file called
What Is .htaccess?
If your blog is hosted on a web server running Apache, you might recall seeing a file called
.htaccess in your blog’s web root folder. (The root folder is usually named Public_HTML or www.)
.htaccess file’s name is short for “Hypertext Access” and it acts kind of like a bouncer at a nightclub. It controls who has access to the files and directories on your blog as well as making sure that requests to the server are handled correctly for the directory tree in which its located.
What Does .htaccess Do?
Back in the early days of the internet, before Content Management Systems (CMS) existed, the
.htaccess file was used to restrict access to a server’s directories. Today, it’s still used for access restriction but it’s also used in other ways — like for redirects.
.htaccess file also does other nifty stuff, but we’re only going to talk about redirects and password protection in this post. (You can find resources to learn more about
.htaccess at the bottom of this post.)
Don’t Forget the Punctuation
Note that the file name for
.htaccess starts with a period — like the punctuation that comes at the end of this sentence or between a file name and its extension. That’s because it’s considered a system file which is normally hidden to protect it from accidental tampering. Remember the initial period punctuation when you make or restore backups of the file.
How to Redirect Error Codes 301 and 302
Bloggers can typically use plug-ins to their CMS to interpret URL redirect messages and route them correctly. However, knowing how to change the
.htaccess file for redirects is a handy skill. If your blog is throwing up error codes 301 (permanently moved) or 302 (temporarily moved) because you’ve reorganized your blog, you can edit the
.htaccess file to fix the problem.
Since 301 is by far the most common error so we’ll use it in our examples — but the same rules apply if you’re fixing a 302 error.
Redirect Coding Examples
Here’s the line of code you need to add to the
.htaccess file to redirect a web page to a different location:
Redirect 301 /relative-url.html http://example.com/full-url.html
Here’s how to make sense of the command above:
- Redirect command =
- The code for the type of redirect =
- Relative URL of the original page =
- Complete URL of the new page =
The “relative URL” is in relation to the directory which contains the
.htaccess file you’re editing; it’s usually in the root directory of your blog. So if the page you want to move is
http://mydomain.com/bloghome.htm then the relative URL would be
The “complete URL” is the full web address of the newly-moved page, just as it would appear in your browser’s URL bar. So, if you moved the page above to an archive directory, your command line might look like this:
Redirect 301 /bloghome.htm http://mydomain.com/archives/bloghome.htm
Redirect an Entire Directory or Site
The above example shows how to redirect a single page of your blog. Now, in the case of a blog archive, it would be pretty onerous to move every page one by one with its own line in the
.htaccess file. No worries. You can move an entire directory to another location like so:
Redirect 301 /current-blog http://mydomain.com/archive
What if you’ve moved your blog to an entirely new domain? As long as you keep the subdirectories the same, it’s pretty easy to redirect everything by simply entering a slash where the relative URL would normally go:
Redirect 301 / http://mynewblog.com
How to Password Protect Directories
To control directory access by username, follow these steps:
- Create an
.htpasswdfile, populate it using a plain text editor, and upload it via FTP or file manager. Don’t forget the leading period!
- Upload the
.htpasswdfile to a directory that isn’t publicly accessible – e.g., a folder above your Public_HTML or www directory.
- With your list of usernames and passwords handy, use a utility like Aspirine.org to encrypt the passwords. Just copy and paste the output into your
- Next, add the following code to your
.htaccessfile such that you replace “johnsmith” and “janedoe” with actual user names from your
AuthName "Name of Secure Area"
<Limit GET POST>
require user johnsmith
require user janedoe
Grouping Users for Access Control
Restricting access by groups with different profiles can make your life a little easier because you don’t need one line for every user in your
Create a file called
.htgroups with a row per group, separating usernames with spaces, like so:
admin: johnsmith janedoe staff: jackdoe cindysmith
Then designate access for the groups in your
.htaccess file using the relative paths to the password and group files, as below. (Change the “etc” in the paths below to the relative directory where each file is housed.)
AuthUserFile /usr/local/etc/.htpasswd AuthGroupFile /usr/local/etc/.htgroup AuthName "Admin Area" AuthType Basic <Limit GET POST> require group admin </Limit>
Other things you can do with .htaccess files
If monkeying around with coding sounds interesting to you, here are some other things you can use the
.htaccess file for:
- Getting creative with your “404 Not Found” page
- Whitelisting or blacklisting IP addresses or domain names
- Blocking hotlinks, malicious bots, and crawlers
We’ve only given you a streamlined idea of what you can do with .htaccess files. Here are some additional resources, including in-depth documentation:
It’s good practice to try dealing with redirects and password protection via your blogging application first. But if necessary, you now have the skill to use the
.htaccess file to have more direct control.