htaccess-generator
.htaccess is Apache's per-directory config file — it controls URL rewriting, redirects, HTTPS forcing, cache headers, GZIP compression, password protection, hotlink blocking, and IP allow/deny. The syntax is unforgiving; one stray character returns 500. The ZTools .htaccess Generator gives you a UI for the most common rules, validates the output against Apache's spec, and explains each line so you understand what you're shipping. Useful for shared-hosting WordPress / static sites where Apache is the only web server you can configure.
Use cases
Force HTTPS site-wide
A few lines of mod_rewrite redirect every HTTP request to HTTPS. Generator emits the canonical pattern.
Old domain → new domain redirects
Migrating sites. Generator builds 301 redirects preserving paths (/about → newdomain.com/about) so SEO juice transfers.
Browser caching headers
Set Cache-Control / Expires per file type — JS/CSS for a year, HTML for 5 minutes. Improves PageSpeed score.
Password-protect a directory
AuthType Basic + AuthUserFile pointing at a .htpasswd. Generator gives you both files.
Block hotlinking
Stop other sites from embedding your images and burning your bandwidth. RewriteCond on Referer.
How it works
- Pick rules — Checkboxes for HTTPS, www-canonicalisation, redirects, caching, GZIP, hotlink protection, security headers, password protection.
- Configure each — For redirects, paste old-URL → new-URL pairs. For caching, pick a TTL per file type. For password, set username + password (generator creates .htpasswd).
- Generate output — Output is a single .htaccess file with comments explaining each block. Optional .htpasswd companion file when password rules are enabled.
- Test before deploying — Apache fails closed — bad .htaccess = 500 errors. Test on a staging URL first.
Examples
Input: Force HTTPS
Output: RewriteEngine On\nRewriteCond %{HTTPS} off\nRewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Input: Cache JS/CSS for 1 year
Output: <IfModule mod_expires.c>\nExpiresActive On\nExpiresByType text/css "access plus 1 year"\nExpiresByType application/javascript "access plus 1 year"\n</IfModule>
Input: Block hotlinking
Output: RewriteCond %{HTTP_REFERER} !^$\nRewriteCond %{HTTP_REFERER} !^https?://(www\\.)?yoursite\\.com [NC]\nRewriteRule \\.(jpg|jpeg|png|gif)$ - [F]
Frequently asked questions
Will this work on Nginx?
No — Nginx uses a totally different config syntax. .htaccess is Apache-specific. For Nginx, use the equivalent location/server blocks.
Does my hosting allow .htaccess?
Most shared hosting (cPanel, Bluehost, SiteGround) does. Some setups require AllowOverride All in the parent VirtualHost. Check with your host.
How do I revert if something breaks?
Always back up the existing .htaccess before replacing. If 500 errors appear, restore the backup. Apache reads .htaccess on every request — changes take effect immediately.
Is mod_rewrite always available?
On most modern Apache installs, yes. If RewriteEngine On errors out, mod_rewrite is disabled and your hosting needs to enable it.
Privacy?
All generation in browser. Hosting credentials never asked for.
Tips
- Always back up the existing .htaccess before deploying changes — Apache offers no rollback.
- Use 301 redirects for SEO-critical permanent moves; 302 for temporary tests. Wrong choice tanks rankings.
- Combine GZIP + browser caching for the biggest perceived speed win — easy 30-50% load-time reduction on a typical WordPress site.
- For URL rewrites, test in a staging directory first — broken rewrites can lock you out of /wp-admin.
Try it now
The full htaccess-generator runs in your browser at https://ztools.zaions.com/htaccess-generator — no signup, no upload, no data leaves your device.
Last updated: 2026-05-06 · Author: Ahsan Mahmood · Edit this page on GitHub