If you want to redirect all requests from a particular URL or a set of URLs to another URL, or a pattern of URLs, you can do so via an htaccess RewriteRule. In this article, I’ll start with a simple example to get started. Then I’ll explain how htaccess works and why it’s important. We’ll proceed in the second half of the article to more complicated examples involving regular expressions, and how to replace patterns with other patterns.
Mastering htaccess RewriteRules allows you to avoid all kinds of resource-intensive plugins and PHP code that slows down your site. So it’s well worth learning the basics and using tools to craft and test your expressions.
Using a Simple htaccess RewriteRule
If you already know what an htaccess file is, and are just looking for a quick primer on how to use RewriteRules, this section should get you started. Here’s the syntax for a basic RewriteRule:
RewriteRule Pattern Substitution [Flags]
It’s self-explanatory. The “Pattern” section matches the kind of strings you want to match and the “Substitution” is what you want to replace it with. As mentioned, you can use RegEx to make this as complicated as you want, but here’s a simple example of how it works:
RewriteRule ^old-page$ new-page [R=301,L]
The above rule will apply to all pages that end with “old-page” and replace it with “new-page”. So the following URL:
That’s pretty simple, right?
Htaccess rules can break your website if you’re not careful. Unlike software like WordPress, which has checks making it hard to accidentally crash your site, htaccess is just a file interpreted by Apache “as-is”. There are no safety nets and if you make even a small mistake, you can render your entire website inaccessible.
As a result, it’s supremely important to test your RewriteRules as often as you can. Try and break them yourself before someone else does it! For this, I use this htaccess testing tool. I’ve been using it for years, and am very impressed with how cleanly it works. Here’s a screenshot of me using the tool to test the above RewriteRule:
You can see that the command works as advertised. While constructing your htaccess file, make sure to use this tool frequently.
Accessing the .htaccess File
If you don’t know how to get started with htaccess RewriteRules, this section is for you. It all starts with the .htaccess file. This is a small, hidden text file that lives in the root directory of your website. Actually, it can live in any directory but let’s focus on the root directory for now.
To access this file, you need to open your web host’s file manager. For example, if you’re using cPanel (and you probably are), then this is what the File Manager tool looks like:
If you’re using a web host that implements a different web hosting control panel, then check and explore their interface to find the file manager. It’s usually in a prominent location. Once you open the File Manager tool, navigate to the root of your website application. This is usually located at:
You might have WordPress installed in a subfolder instead of directly on the website’s root location, in which case you need to navigate to the subfolder in question. Here’s a screenshot of me accessing the root directory of my WordPress installation:
If you’re using WordPress like I am, this is the directory that contains the following folders:
The presence of these three folders in your directory indicates that you’re at the root of your WordPress installation. Because the “.htaccess” file starts with a dot (.), it’s classified as a hidden file. By default, file managers generally don’t show hidden files because they don’t want users to accidentally modify them. So you need to go into your file manager settings and enable the option to show hidden files as shown here:
Save your changes, and you should now be able to see the .htaccess file.
Take a Backup First
As I pointed out earlier in the article, if you’re careless about modifying the .htaccess, you could break your site easily, as there are no railguards. So I suggest you first either copy the contents of the existing .htaccess file to a notepad on your local computer first, or create a backup copy of the .htaccess file that you can later restore if something goes wrong. Whichever method you choose, don’t just change it casually. I’ve seen many WordPress installations break simply because the site administrator made a syntax error in the .htaccess file.
More Complicated .htaccess Rewrite Rules
We’ve looked at simple rewrite rules like replacing a URL that ends with a specific string. But now, let’s see how we can use regular expressions to replace parts of URLs. This turbocharges the power of RewriteRules and allows you to craft some pretty amazing redirects.
For example, let’s say I want to replace all URLs whose slug starts with the word “test”, with a similar URL, but with the word “anothertest” instead of “test”, here’s an example of a RewriteRule that does just that:
RewriteRule ^test(.*)$ anothertest$1 [R=301,L]
Let’s break this down a bit. The first pattern matches the slug that starts with “test”. The caret (^) signifies the start of the string. This is followed by a standard regular expression “(.*)”, which indicates “whatever comes afterward. RegEx is an intricate system of rules to match symbols, and it’s beyond the scope of this article to explain how it works. Recently though, I’ve found it very useful to use AI like ChatGPT to create regular expressions. But you must always check their work – sometimes these tools make mistakes, and it’s up to you to use them responsibly.
The second part of the RewriteRule involves the target string. Here, we start the string with “anothertest”, and then $1 refers to the first match of the previous RegEx string in paranthesis, which in this case is “(.*)”. So the rule will just copy/paste whatever was the first match and append it to “anothertest”.
You can test this by using the .htaccess testing tool I showed you earlier. Use various URLs that start with “test” – as well as some which don’t! – and make sure that the RewriteRule is working as you expect it to.
Using Rewrite Rules to Protect Sensitive Folders
A good use of rewrite rules is to prevent external access to sensitive folders. For example, let’s say I have a folder on my website with the name “sensitive”. In such a scenario, the following RewriteRule would prevent access to it:
RewriteRule ^sensitive/ - [F,L]
So if the folder URL is www.example.com/sensitive, the above rule would generate a 403 “Forbidden” error. The [F,L] flags at the end of the command stand for “Forbidden” and “No further processing required”, respectively. It essentially ends the session after generating a 403 response.
.htaccess RewriteRules have many uses. They’re fast, and use very little resources on the server, unlike other methods like PHP code, which can be exploited more easily in a DDoS attack. While modifying the .htaccess file is dangerous, it’s easy to take precautions with a backup, and if you’re managing a website using Apache, then at least a passing familiarity with .htaccess rules will be a great help to you.
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!