The .htaccess file is a configuration file for Apache, the web server software that runs most cPanel hosting accounts. With .htaccess you can control redirects, HTTPS enforcement, custom error pages, password protection, hotlink prevention, and many other server behaviors — all without touching the main Apache configuration. This article explains what .htaccess does, how to find or create it, and includes ready-to-use snippets for common tasks.
About .htaccess
An .htaccess file lives inside one of your website's directories. When Apache serves a request, it reads any .htaccess file in the current and parent directories and applies the rules it finds. This makes .htaccess ideal for per-site or per-directory tweaks: you can change behavior without restarting the server, and the changes only apply where you placed the file.
Common uses include:
- Redirecting HTTP traffic to HTTPS.
- Setting custom error pages (for example, a branded 404 page).
- Password-protecting a directory.
- Blocking image hotlinking.
- Adding or stripping the www prefix.
Before you begin
- An active Exact Hosting cPanel hosting plan. The .htaccess rules below assume the standard Apache + cPanel environment.
- A way to edit files in your web root. Use cPanel's File Manager (see File Manager Overview) or an FTP client (see Managing FTP Accounts in cPanel).
- A backup of the existing .htaccess file. A typo in .htaccess can take a site offline. Save a copy before you edit.
Warning: A syntax error in .htaccess can produce a 500 Internal Server Error and take your site offline. Always back up the existing file before editing, and test changes in a staging environment when possible.
Step 1: Locate the .htaccess file
The .htaccess file usually lives in your website's root folder (typically /public_html). Because the filename starts with a dot, it's hidden by default.
- Open File Manager in cPanel.
- Navigate to /public_html (or the site's root folder).
- If you don't see .htaccess, click Settings in the top-right corner and enable Show Hidden Files (dotfiles).
- If the file still doesn't exist, you can create a new one with the name .htaccess.
Step 2: Force all traffic to HTTPS
The rules below send every HTTP request to HTTPS. Place them at the top of your .htaccess file.
If your .htaccess file already has rules: Add this above any other rules with a similar starting prefix (RewriteEngine, RewriteCond, RewriteRule).
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]If your .htaccess file is empty, use this version instead:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]Step 3: Force HTTPS on a single folder
To force HTTPS only inside a specific folder (instead of the whole site), place an .htaccess file inside that folder with the rules below. Replace www.example.com with your own domain and folder with the directory name.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R,L]Tip: Once you've enforced HTTPS, change the redirect from [R,L] (temporary 302) to [R=301,L] (permanent) so browsers and search engines remember the change.
Next steps
- Add simpler redirects from cPanel. See Redirecting Domains and Websites in cPanel.
- Test the change. Open your site in an incognito window and confirm it loads over HTTPS.
- Read the Apache reference. See the official Apache .htaccess tutorial for a deeper dive into directives and patterns.
Questions? Contact Exact Hosting Support.
How helpful was this article?
Thanks for your feedback!
Do you still need help? If so please submit a request here.