You’d think that with an open-source content management system like Joomla, you’ll control your entire website from a nicely laid-out dashboard where everything is intuitive and easy to use.
While this is largely true, other components also play a part in your site’s management. The web server, for example, is responsible for processing visitors’ requests, and a lot of your site’s functionality depends on it. Its configuration is not accessible from the Joomla Administrator, and to make it behave the way you want it to, you often need to edit the .htaccess file.
But what does this file do exactly? And where can you find it?
Let’s find out.
What is .htaccess?
You may have heard of Apache. It’s a web server application, and although it’s nearly thirty years old, it’s still considered one of the best solutions of its kind.
Apache is far from the only web server capable of powering your Joomla project, but it is free, and some people are so used to it, they don’t even want to consider the alternatives. The truth is, an Apache server can easily support your Joomla website. However, if you want to make the most of it, you need to set it up properly. And this means editing its configuration files.
Apache’s primary configuration file is called httpd.conf, located in the etc/httpd/conf directory (variations are possible depending on the Linux distribution and the web server’s version).
You can open httpd.conf with a text editor and add directives to modify the web server’s behavior.
The thing is, not everyone has access to the httpd.conf file. For example, on a shared hosting server, you have hundreds of projects running on the same machine. As a website owner, you get your own folder, and you’re not allowed to touch anything outside it.
This isn’t ideal. Some critical tasks, such as forcing the entire website through HTTPS, are often impossible without Apache directives. In other words, you need to configure the web server according to your website’s needs, but you need to do it without touching httpd.conf.
This is where the .htaccess file comes in.
An .htaccess file is like httpd.conf for a single directory. It needs to be situated in your website’s document root folder (if your site is hosted under your primary domain, that would be the public_html folder). Once it’s in place, you can open it with a text editor and use the same Apache directives as in the primary configuration file without affecting other websites on the server.
The .htaccess file can be used for various tasks, including setting up a custom 404 page, password-protecting a section of your website, and restricting access to the site from specific IPs. There are universal directives that can work on all websites, regardless of the platform they’re based on.
However, many content management systems also use the .htaccess file for specific purposes. Joomla is no exception.
Joomla and .htaccess
There are two main Joomla-specific tasks you can accomplish with an .htaccess file:
Allow search engine-friendly URLs
Joomla’s URL structure used to be pretty cumbersome. It contained category and article IDs and other information that didn’t really tell you what the page was about.
This wasn’t great from an SEO perspective. Google and other search engines prefer human-readable URLs with keywords that show them what they can expect.
To improve the CMS’s SEO performance, a Search Engine Friendly URLs option was introduced in Joomla 1.5, and by version 1.6, it was enabled by default. Even with it on, however, all URLs have index.php in them. To remove it, you need to have Apache’s rewrite module enabled and a few special directives in the .htaccess file.
Improve your site’s security by preventing popular exploits
Joomla is under active development, which means that, as long as you use the latest version of the CMS, you can get patches and plug any recently discovered security holes. However, some exploits simply can’t be prevented with an update. For them, you need a properly configured .htaccess file.
Using a few directives, you can stop quite a few attacks, including loading JavaScript code into SVG files, modifying HTTP requests, and encoding data within the URL.
How Can I Find Joomla’s .htaccess File?
You can create your own .htaccess file from scratch. All you need is a text editor and an understanding of Apache’s directives.
However, you don’t need to do everything yourself. Every standard Joomla installation comes with a file called htaccess.txt. It’s already inside your site’s root directory, and it contains the directives that allow search engine-friendly URLs and stop the exploits mentioned in the previous section.
All you need to do to make these directives come into effect is rename htaccess.txt to .htaccess.
There are three methods for doing it:
With an FTP client
All you need to do is navigate to the site’s document root folder, right-click on the htaccess.txt file, and select Rename.
With your hosting account’s File Manager
The steps are pretty much identical. The interface may differ slightly from file manager to file manager, but with most, the Rename option is available in the context menu.
Via SSH
It’s not mandatory, but most people prefer to navigate to the site’s document root directory first. If your site is hosted under your primary domain, you can use the following command:
$ cd ~/public_html
Then, you need to use the mv command to rename htaccess.txt to .htaccess.
$ mv htaccess.txt .htaccess
NOTE: The dot in .htaccess is at the very beginning of the file name. In Linux, this indicates that the file is hidden. If you position it incorrectly or put a file extension at the end, your .htaccess file won’t work.
