How to hide .htaaccess file?

Hello all
I have newly registered domain.
I have got “.htaaccess” file from my service provider.
How to change the permission of “.htaaccess” file to hide it?

Every file that starts with a “dot” or “period” character is already a hidden file on UNIX-type servers. This is happening at the file system level and you won’t see these files in an FTP client unless you choose the option to see the hidden files on the server.

If you’re talking about hiding .htaccess files from public eyes, so they can’t see it from the browser, you should know that the web server protects these files by default so noone can actually see the content of the .htaccess files on your server.

You can hide files via apache using the following block which should be in every apache configuration by default.

<Files ~ "^\\.ht">
    Order allow,deny
    Deny from all

If you are already doing rewrites in the .htaccess then the following is a shorter way to block access to it;

RewriteRule ^\\.htaccess$ - [F]

Thats only useful on a single site basis however… the apache config code I pasted above will cover EVERY site on the server.


As you know, you are absolutely correct - IF you have access to the server’s configuration file.


As you know, most people do NOT have access to the server’s configuration file so they are most likely to be forced to use .htaccess. However, some percentage of those will NOT have mod_rewrite available to them so the same <Files> directive can and SHOULD be applied in the .htaccess file. As usual, think of mod_rewrite as a tool of last resort.



Well I did say “If you are already doing rewrites”. I mentioned it only to show that there is actually more than one way to do it.

Thanks to kneekoo and others also .
So the conclusion is “.htaaccess” file is by default hidden if site is hosted on Unix(or Linux) Server.
No need to worry about it as it is not accessible to out side world.

Not at all. The dot on the front means it is a hidden file and doesn’t show on directory lists. Everyone knows what the name is though so it doesn’t need to show on a directory list in order for someone to access it.

Only if the code that Tim posted has been included in the config file for the server will the .htaccess file be inaccessible with no action required on your part. If it isn’t in the config file then you should copy that into your .htaccess file itself so that it blocks access to itself.

ok felgall.
thanks for your valuable opinion.
If that code is not working for me then i’ll get back to you(hoping that you will not mind :slight_smile: )


Up to my knowledge, we don’t want to hide the “.htaccess” file. Because its already hide by defaulter in all server. if its false, please reply…

Look, people. Just try to access the .htaccess file from the browser, like this:


If it doesn’t work, it’s the proof that the webserver protects that file. The error message in this case should be “Forbidden”. I don’t know who in the right mind would disable the Apache’s default setting that protects .htaccess. Really. If the test returns “Forbidden” then there’s nothing else to be done here - you’re safe.

If you go to two posts above where you asked this question you will find my answer to it.