Plain PHP .htaccess Generator

Safe, production-ready defaults for non-framework PHP websites.

Before You Begin
If you are using a framework like Laravel or WordPress, use their specific generators instead. This one is for custom-coded PHP sites.

Standard PHP Website Rules

RewriteEngine On # 1. Redirect to index.php if file/folder doesn't exist RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php [L,QSA] # 2. Disable directory browsing Options -Indexes # 3. Protect sensitive files <FilesMatch "^\.env|config\.php|.*\.log$"> Order allow,deny Deny from all </FilesMatch> # 4. Prevent viewing of .htaccess itself <Files .htaccess> Order allow,deny Deny from all </Files>

Routing in Plain PHP

In a custom PHP site, you often want a "Front Controller" pattern. This means no matter what the user types (e.g., yoursite.com/profile), Apache sends the request to index.php. Your PHP code then looks at $_SERVER['REQUEST_URI'] to decide what content to show.

Who should use this?

Developers building their own custom PHP applications who want clean URLs and basic security without a heavy framework.

When NOT to use this?

If your site consists of simple, static .php files (like about.php, contact.php) and you want users to visit those exact filenames.

Plain-English Explanation

QSA (Query String Append)
Critical

Ensures that if someone visits /page?id=123, the id=123 part is passed along to your PHP script.

RewriteCond %{REQUEST_FILENAME} !-f
Critical

Tells Apache: "If the user is asking for a file that actually exists (like logo.png), just give it to them. Don't redirect it."

FilesMatch
Security

A safety net that blocks anyone from trying to read your configuration files or error logs in their browser.

Frequently Asked Questions (FAQs)

The .htaccess file should be placed in the root directory of your website. This folder is commonly named public_html, htdocs, or www depending on your hosting provider.
A 500 error usually means Apache cannot process one or more directives in your .htaccess file. This can be caused by typos, unsupported rules, or hosting restrictions. Try removing advanced directives like Options -Indexes first and test again.
Yes. Apache’s mod_rewrite module must be enabled for routing rules to work. On most shared hosting providers, this is enabled by default. On VPS or local servers, it may need to be enabled manually.
In most cases, yes. Shared hosting environments usually support basic .htaccess rules. However, some providers restrict certain directives, which can cause errors. Always check your hosting documentation if something fails.
Yes. Apache reads the .htaccess file on every request, so changes usually apply instantly. If you do not see updates, try clearing your browser cache.
Yes. Incorrect or conflicting rewrite rules can make your website inaccessible. Always keep a backup of your existing .htaccess file before making changes, so you can quickly restore it if needed.
Explore Other .htaccess Tools:
301 Redirect Generator WordPress .htaccess Laravel .htaccess CodeIgniter .htaccess Browse All Tools