Do I need technical knowledge to use this .htaccess generator?

No. Each option has a clear plain-English description. Toggle the settings you need, copy the output, and upload it to your server.

Can I use this generator for WordPress?

Yes. Place the generated security and performance rules above the # BEGIN WordPress block in your existing .htaccess file. Do not remove the WordPress rewrite rules.

Why is my .htaccess file not working?

Check that mod_rewrite, mod_headers, mod_deflate, and mod_expires are enabled on your Apache server. Also make sure the file is named exactly .htaccess with no extra extension.

Does this tool generate Nginx config too?

Yes. Switch the Server Type to Nginx and the tool generates a matching nginx.conf file. Include the output inside your existing server {} block.

🔥 Trending Tools

Password Generator Image Converter QR Code Generator JSON Formatter

.htaccess Generator

Build a production-ready .htaccess or nginx.conf file in seconds. Set up HTTPS, security headers, caching, redirects, and more — no server experience needed.

Server Type

Choose your web server

Domain

Used in redirect and hotlink rules

Redirects & URLs

HTTPS enforcement, WWW preference, custom redirects

Force HTTPS

Redirect all HTTP traffic to HTTPS (301).

Remove WWW

Always redirect www.domain.com → domain.com.

Add WWW

Always redirect domain.com → www.domain.com.

Custom Redirects

No redirects added yet.

Security

Harden your server against common attacks

Hide Server Info

Removes Server and X-Powered-By headers.

Prevent Directory Listing

Disables browsing folder contents.

Block Sensitive Files

Denies access to .env, config, log files.

XSS Protection Header

Sets X-XSS-Protection: 1; mode=block.

MIME Sniffing Protection

Sets X-Content-Type-Options: nosniff.

Clickjacking Protection

Sets X-Frame-Options: SAMEORIGIN.

HSTS (Strict Transport)

Forces HTTPS for 1 year via Strict-Transport-Security.

Custom URL Rewrites

RewriteRule (Apache) / rewrite (Nginx) — serve content from a different internal path

Pattern is a regex. Replacement is the target path. Flags: L, R=301, R=302, NC, QSA, etc.

No rewrite rules added yet.

Performance

Browser caching and compression

Gzip Compression

Compresses responses to save bandwidth.

Browser Caching

Instructs browsers to cache static assets.

Cache Images

jpg, png, gif, webp, svg.

Cache CSS / JS / Fonts

css, js, woff, woff2, ttf, eot.

SPA / Static Site Routing

Fallback all routes to index.html for SPAs.

Cache Duration

Hotlink Protection

Stop other sites from using your images

Enable Hotlink Protection

Blocks requests for images from other domains.

Custom Rules

Append any directives you need

.htaccess

1 lines · 0 bytes

Before you upload

Test in a staging environment first.
Keep a backup of your existing .htaccess.
HSTS is permanent after activation — be sure HTTPS works before enabling.
Apache requires mod_headers, mod_deflate, and mod_expires to be active.

What Is an .htaccess File?

An .htaccess file is a configuration file used by Apache web servers. It lets you control how the server handles requests for a specific directory and all the folders inside it — without touching the main server configuration. You place it in the root of your website, and it takes effect immediately.

With a single .htaccess file you can force HTTPS, create redirects, add security headers, enable Gzip compression, set browser caching rules, block access to sensitive files, and much more. This tool generates a complete, production-ready file based on the options you choose — no manual coding required.

How to Use This .htaccess Generator

1
Select your server type
Choose Apache (.htaccess) or Nginx (nginx.conf). Both generators produce clean, production-ready output.
2
Enter your domain name
Your domain is used in redirect rules and hotlink protection. Without it, placeholder values are used.
3
Configure redirects
Toggle Force HTTPS, Add/Remove WWW, and add any custom path redirects you need.
4
Choose security options
Enable headers like HSTS, XSS Protection, and Clickjacking Protection to harden your server.
5
Set caching and compression
Turn on Gzip and browser caching to improve page speed scores and reduce server load.
6
Copy or download the file
Click Copy to grab the code, or Download to save the file directly. Then upload it to your server root.

What This Generator Creates

Security Headers

HSTS, XSS Protection, Clickjacking (X-Frame-Options), MIME sniffing prevention, server signature removal.

HTTPS & Redirects

Force all traffic to HTTPS, enforce www/non-www preference, and set up custom 301/302 redirects.

Speed Optimisation

Gzip compression for HTML, CSS, JS, and fonts. Browser caching with configurable expiry for all static assets.

File Protection

Block access to .env files, config files, logs, and build directories so sensitive data never reaches visitors.

SPA Routing

Fallback routing for React, Vue, Angular, and Next.js static exports so all URLs serve index.html correctly.

Hotlink Protection

Prevent external sites from embedding your images and stealing your bandwidth.

Apache vs Nginx — Which Should You Use?

If you are on shared hosting (cPanel, Hostinger, Bluehost, SiteGround, etc.), you almost certainly need the Apache .htaccess file. Shared hosting almost always runs Apache. Place the generated file in the root of your WordPress site, static site, or any PHP project.

If you manage a VPS or dedicated server yourself (DigitalOcean, Linode, AWS EC2, etc.), you are likely running Nginx. Use the Nginx config output and include it inside your server block or as a separate virtual host file.

Frequently Asked Questions

Do I need technical knowledge to use this generator?+

No. Each option has a plain-English description. Toggle what you need, copy the output, and upload it. If you are unsure about an option, hover over the description before enabling it.

Where do I upload the .htaccess file?+

Upload it to the root directory of your website — the same folder that contains your index.html or index.php. On cPanel, this is usually the public_html folder.

Will this break my website?+

A well-configured .htaccess should not break anything. However, always test in a staging environment first and keep a backup of your current file before replacing it.

What is HSTS and should I enable it?+

HSTS (HTTP Strict Transport Security) tells browsers to always use HTTPS for your domain for the next year. It is a strong security measure, but it is permanent once a browser caches it. Only enable it if your HTTPS certificate is fully set up and working.

Can I use this for WordPress?+

Yes. WordPress already creates a basic .htaccess for permalink support. You can merge the rules generated here with your existing WordPress .htaccess, placing the new security and performance rules before the # BEGIN WordPress block.

Why is my .htaccess not working?+

Check that mod_rewrite, mod_headers, mod_deflate, and mod_expires are enabled on your Apache server. On shared hosting, contact your host if you are unsure. Also make sure the file is named exactly .htaccess (with no other extension).

Does this generate a config for Nginx too?+

Yes. Switch the server type toggle to Nginx and the tool generates an nginx.conf file with the same settings. Include the output inside your existing server {} block.

📧 Stay Updated

Get notified of new tools