Somewhere on your Apache web server — assuming you're on shared hosting, most managed WordPress hosts, or a traditional cPanel setup — there's a small, hidden text file called .htaccess. No extension, just a dot and the word "htaccess." It's hidden by default in most file managers. Most site owners have never opened it. And yet it sits at the root of your website quietly making decisions about how every HTTP request to your server is handled — including decisions that directly affect your SEO.

Understanding what .htaccess does and how to use it for redirects is one of those technical SEO skills that pays dividends for years. It's also one where a single typo can take your entire site offline. This guide covers both — what it does, how to use it correctly, and how to avoid the mistakes that turn a simple redirect into an emergency.

What .htaccess Actually Does

.htaccess is a directory-level configuration file for Apache web servers. It allows you to override server-wide settings for a specific directory and all its subdirectories — without touching the main server configuration. When Apache receives a request for any file in a directory containing a .htaccess file, it reads and applies the directives in that file before processing the request.

The range of things .htaccess can control is broad: URL redirects, URL rewriting, access restrictions, custom error pages, HTTPS enforcement, caching headers, MIME type declarations, and more. For SEO purposes, three capabilities matter most:

• 301 redirects — permanently redirecting old URLs to new ones, preserving link equity and ranking signals
• HTTPS enforcement — automatically redirecting all HTTP traffic to HTTPS
• www/non-www canonicalization — enforcing a consistent URL format across your entire site

Where to Find and Edit Your .htaccess File

Your primary .htaccess file lives in the root directory of your website — the same folder that contains your index.php or index.html file. On most cPanel hosting setups, you can access it through the File Manager. In FTP clients, you'll need to enable "show hidden files" since the dot prefix hides it from standard directory listings.

Always back up your .htaccess file before editing it. This is not optional advice — it's the difference between a recoverable mistake and a site outage that requires a server restore. Download a copy to your local machine before touching a single character. A syntax error in .htaccess typically produces a 500 Internal Server Error that takes down your entire site until the error is fixed or the file is restored.

The Anatomy of a .htaccess Redirect

The most common .htaccess redirect uses Apache's mod_rewrite module. A basic 301 redirect looks like this:

RewriteEngine On
Redirect 301 /old-page/ https://yourdomain.com/new-page/

Breaking it down:

• RewriteEngine On — activates the URL rewriting engine. Must be present before any rewrite rules.
• Redirect 301 — specifies a permanent redirect (301). Use 302 for temporary redirects, but almost every SEO redirect should be a 301.
• /old-page/ — the path being redirected, relative to the root (no domain needed).
• https://yourdomain.com/new-page/ — the full destination URL including protocol and domain.

For redirecting an entire old domain to a new one — common after rebranding or domain migrations:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^olddomain\.com$ [NC]
RewriteRule ^(.*)$ https://newdomain.com/$1 [R=301,L]

This captures the full URL path ($1) and appends it to the new domain, so olddomain.com/any/page/ redirects to newdomain.com/any/page/ — preserving the URL structure and all associated link equity.

Enforcing HTTPS with .htaccess

One of the most important .htaccess configurations for SEO is forcing all HTTP traffic to redirect to HTTPS. This ensures your HTTPS ranking signal is consistent and prevents the duplicate content problems that arise when your site is accessible at both HTTP and HTTPS versions of every URL.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

This checks whether the request is coming in over HTTP (%{HTTPS} off) and if so, redirects to the HTTPS version of the same URL. The %{HTTP_HOST} and %{REQUEST_URI} variables preserve the domain and full path, so every URL redirects cleanly to its HTTPS equivalent.

Enforcing www or non-www

Another canonical SEO configuration: ensuring all traffic goes to either the www or non-www version of your domain, eliminating a common source of duplicate content. Choose one and redirect the other consistently.

Redirect to www:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain\.com$ [NC]
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R=301,L]

Redirect to non-www:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.yourdomain\.com$ [NC]
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R=301,L]

Whichever you choose must match your Google Search Console property, your Google Business Profile website URL, your XML sitemap URLs, and your canonical tags. Consistency across all of these is the core of the NAP consistency principle applied to your own domain.

Common .htaccess Mistakes That Break Sites

• Forgetting RewriteEngine On. Every file using RewriteRule directives needs RewriteEngine On declared before them. Without it, the rules are silently ignored — or worse, cause a 500 error.
• Creating redirect loops. Redirecting a URL to itself, or creating a circular chain (A → B → A), produces a "too many redirects" error that makes the page completely inaccessible. Always verify redirects with the Redirect & Header Checker after implementing them.
• Wrong slash handling. /old-page and /old-page/ are treated as different paths. Be explicit about trailing slashes and test both variants.
• Escaping dots in domain names. In regex patterns, a dot matches any character. In .htaccess RewriteCond patterns, domain names must escape dots with a backslash: yourdomain\.com not yourdomain.com.
• Order of rules matters. Apache processes .htaccess rules top to bottom. A catch-all redirect rule placed before specific rules will intercept everything — including the specific cases you wanted to handle differently. Always put specific rules before general ones.
• Encoding issues. .htaccess files must be saved as plain text with Unix line endings (LF, not CRLF). Editing in Windows Notepad and uploading can introduce invisible characters that cause parse errors.

Using the .htaccess Redirect Generator

Writing .htaccess redirect rules by hand is error-prone even for experienced developers — the regex syntax is unforgiving and the consequences of mistakes are immediate and site-wide. The .htaccess Redirect Generator builds correctly formatted redirect rules for the most common scenarios — single URL redirects, domain-wide redirects, HTTPS enforcement, and www/non-www canonicalization — without requiring you to write or understand the underlying regex.

The workflow: generate the rule, copy it into your .htaccess file below any existing rules, save the file, then immediately verify the redirect is working correctly with the Redirect & Header Checker. Confirm the old URL returns a 301 status pointing to the correct destination, with no redirect chains and no loops. If anything looks wrong, restore your backup immediately and diagnose before trying again.

Server-level redirects via .htaccess are faster and more reliable than CMS-level redirects — they execute before WordPress, PHP, or any application code runs, which means they work even when your CMS is having problems. For any redirect that needs to be permanent and reliable, .htaccess is the right place to implement it. Combined with regular checks using the Redirect & Header Checker to catch redirect chains before they accumulate, server-level redirect management is one of the cleanest and most durable parts of a solid technical SEO foundation.