You can manage your website files two ways: the File Manager inside your hosting control panel (quick and browser-based) or an FTP/SFTP desktop app for larger jobs. The .htaccess file is a small settings file that controls redirects, security, and caching on Apache servers.
public_html.Every website is really just a set of files and folders sitting on a server. To add a photo, edit a page, or fix a setting, you first need to open those files. There are two common ways to do that, and most site owners use both depending on the job.
1. The hosting File Manager. A File Manager is a file browser built into your hosting control panel, such as cPanel or hPanel. You open it in your web browser, log in once, and you can see your folders, upload files, and edit text right on screen. There is nothing to install, so it is the fastest way to make a quick change. If you are new to control panels, our guide to hosting control panels shows where the File Manager lives and how to open it.
2. FTP or SFTP with a desktop client. FTP (File Transfer Protocol) is a standard way to move files between your computer and your server. You use a small desktop app called an FTP client — free options include FileZilla and Cyberduck — to connect and drag files across. This is the better choice when you need to upload a whole theme, download a backup, or move hundreds of files at once, because it handles large batches far more smoothly than a browser.
Connecting takes about two minutes once you know where your details live. These steps use FileZilla as the example client, but every FTP client asks for the same four things: a host address, a username, a password, and a port. Follow them in order.
21 for plain FTP or 22 for SFTP.host address, your username, and password, then set the port to 22 and choose SFTP so the connection is encrypted.public_html. Everything inside it is what visitors can see.22 for SFTP) and confirm you picked SFTP, not FTP, in the client. A wrong port is the most common reason a connection is refused.Once you are connected, a few folders matter more than the rest. Knowing what they hold saves you from editing the wrong thing.
The web root (public_html). This is the public home of your site. Any file you place here can be reached by visitors through your domain. If you are unsure where to upload something so it appears on your live site, this is almost always the answer.
The wp-content folder (WordPress sites). If you run WordPress, the wp-content folder holds the parts you actually change: your themes, your plugins, and your uploads (every image and media file you have added). Setting up WordPress for the first time? Our walkthrough on how to install WordPress covers the full setup.
Here are the everyday tasks you will do most often, whether in the File Manager or an FTP client:
.htaccess) and choose Edit or View to open it.755 for folders and 644 for files.777. That gives everyone — including attackers — full control to read, change, and run your files. It is a common cause of hacked sites. Stick to 755 for folders and 644 for files unless your host's documentation tells you otherwise..htaccess is a small text file that gives instructions to an Apache web server about the folder it sits in. The name starts with a dot, which is why it can look hidden in your File Manager until you turn on "show hidden files." Despite its size, it controls some of the most important behaviour on your site:
Because it is a per-directory file, an .htaccess in one folder only affects that folder and the folders inside it. Most sites keep their main one in the web root (public_html).
.htaccess file works on Apache servers. If your host runs Nginx instead, it uses a different configuration system and ignores .htaccess entirely, so the snippets below will not apply. Not sure which one you have? Ask your host, or check your control panel's server details.Below are common, low-risk rules you can add to your .htaccess file. Each one has a short note on what it does. Add them between the existing lines, not inside the WordPress block (the part marked # BEGIN WordPress).
Force HTTPS — sends every visitor to the secure https:// version of your site.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Redirect non-www to www — picks one version of your domain so search engines do not see two. (Swap the rule if you prefer non-www instead.)
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
Set a custom error page — shows your own friendly page instead of a plain server error.
ErrorDocument 404 /404.html
ErrorDocument 500 /500.html
Block access to a sensitive file — stops visitors opening files like wp-config.php, which holds your database password.
<Files wp-config.php>
Require all denied
</Files>
Basic browser caching — tells browsers to keep images and scripts for a while so return visits load faster.
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/css "access plus 1 week"
ExpiresByType application/javascript "access plus 1 week"
</IfModule>
When file changes go wrong, they usually show up as one of two errors. Both are fixable, and both point straight back to your files.
A 500 Internal Server Error. This is the classic sign of a broken .htaccess file. One misspelled directive or a rule your server does not support can bring down the whole site. The quickest test is to rename .htaccess to .htaccess-old and reload your site; if it comes back, the file was the cause. Our step-by-step guide to fixing a 500 Internal Server Error covers this in full.
A 403 Forbidden error. This means the server is refusing to show a file. It is usually caused by wrong file permissions (for example, a folder that should be 755 set to something restrictive) or an access rule in .htaccess that blocks too much. See how to fix 403 and 404 errors for the exact checks.
Watch out for these four slip-ups, which cause most file-management headaches for beginners:
22 every time.777 permissions. It "fixes" a permission error by opening your files to everyone. Use 755 for folders and 644 for files instead.public_html). Uploading a level too high means visitors never see them.You have two options. The quickest is the File Manager inside your hosting control panel — open it in your browser, and you can view, upload, and edit files with no software to install. For bigger jobs, connect with an FTP client such as FileZilla or Cyberduck using the SFTP details from your host's panel. Both open the same files; the File Manager is faster for one change, while an FTP client handles bulk uploads better.
Both move files between your computer and your server, but SFTP (Secure File Transfer Protocol) encrypts the connection, so your username, password, and files travel scrambled and cannot be read if intercepted. Plain FTP sends everything in the open. Because SFTP protects your login for no extra effort, choose it whenever your host offers it — which is almost always.
SFTP uses port 22. Plain FTP uses port 21. When you set up a connection in your FTP client, enter 22 and select SFTP for a secure link. A wrong port number is the most common reason a connection is refused, so it is the first thing to check if you cannot connect.
.htaccess is a small configuration file that tells an Apache web server how to behave in the folder where it sits. It handles redirects, URL rewrites, access rules, and caching. It works per-folder, so the one in your web root controls your main site. Note that it only works on Apache servers — Nginx uses a different system and ignores it.
Almost always because of a single invalid line. Apache reads .htaccess on every request, so one typo or an unsupported directive stops the whole site and shows a 500 Internal Server Error. To recover, rename the file to .htaccess-old (or restore your backup) and reload the site — it should come straight back. Then correct the line and add it again carefully. This is exactly why you back up the file before editing.
On most hosts the web root is a folder named public_html, found at the top level once you connect over SFTP or open the File Manager. Everything inside it is public and served through your domain. Some hosts name it www or htdocs instead, but the role is the same: it is the folder your live site is served from.
Yes. The File Manager runs over your control panel's secure login, so it is a safe way to view and edit files. The same rule still applies as with FTP: before you change an important file like .htaccess or wp-config.php, make a copy first. The File Manager makes that easy — right-click the file and choose Copy or Download before you edit.
Managing your site files comes down to a few habits. Reach your files through the browser-based File Manager for quick edits, or an SFTP client on port 22 for larger jobs — and always pick SFTP over plain FTP. Keep your public files in the web root (public_html), set folders to 755 and files to 644, and never use 777. Treat .htaccess with respect: it is powerful, Apache-only, and one bad line can take the site down, so back it up before every edit. The single best habit to build next is a reliable safety net — read our website backups guide so any file change is always one restore away from being undone.
The editorial team behind the Bitrich777 Hosting Help Center — practical, tested guides on web hosting, WordPress, servers, DNS, SSL, email, security and migration. Every walkthrough is reproduced on a live host before it is published.
View all guides by the Hosting Team Spotted an error? Tell us