You can secure any file using this script.
It will not allow you to access without username and password.

1st step is to create .htaccess file in a folder which you want to protected.
2nd step is add index.php as shown in example. This will not work as it is but you can modify.

/*******************************************************/


.htaccess file

/********************************************************/

Options -Indexes 

RewriteEngine On

RewriteCond $0 !^(favicon\.ico|favicon\.png|media|robots\.txt|crossdomain\.xml|css|js)

RewriteRule .* index.php?file=$0 [QSA,L] # pass everything thru php
 

 

Recently I was working on a project and SEO team requested to add WWW forcefully in project URL. I asked why, they said.
“Must have www in your URL! Google Like it.”
So here is .htaccess snippet to force a url with WWW
When you will type http://phpmind.com it will automatically become http://www.phpmind.com

RewriteEngine on

rewritecond %{http_host} ^phpmind.com [nc]
rewriterule ^(.*)$ http://www.phpmind.com/$1 [r=301,nc]

This is how I did in this site. I am telling you one .htaccess secret. You can experience here only.

What is ETag?
An ETag, or entity tag, is part of HTTP and it provides a unique identifier for the resource being supplied.

This identifier can then be used to validate if it resource has been modified or
Browser requests can use an etag and an if-match header to check whether a resource has been modified since it was served, providing an efficient caching facility that relies on content rather than on timeouts.

Use this code to setup ETags on your server, using following htaccess.

FileETag MTime Size

  
       ExpiresActive on
       ExpiresDefault "access plus 1 year"
   

Sometimes developer want to be disable ETags from headers. To disable ETags, make sure to include following snippet in your .htaccess file.

Header unset ETag
FileETag None

If you are making search engine friendly URL from pages which are using query string (i.e. www.phpmind.com?id=2 ) and pages which are indexed in search engines or if you are rewriting your website with new urls then you need permanent redirect 301!!

Let me tell you what happens here. If you remove a page which is already in Google it will generate error and that is not good for your site.
So .htaccess for permanent redirect will save life! Just redirect old to new url and Google will like your site this is good practice in terms of SEO too.

This one line PHP code is worth to add in .htaccess file of your root directory without loosing search engine ranking in Google and Others.

Redirect 301 /oldPage.html http://mydomain.com/newpage.html

Another Way 

redirectpermanent /contact-me.html http://www.phpmind.com/contact-us.html

Don’t let your users your photo steel! If you have very good photo or even not good! and want to prevent your files using php technology, such as jpg, gif, bmp, png etc.

You can just put this code in root directory of .htaccess file of your php project and it won’t let others site use you files directly and it will save your bandwidth. This is the main purpose of blocking hotlinking using .htaccess in php.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?my-website-url\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpg|gif|bmp|png)$ http://phpmind.com/no-hotlinking-please.png [L]

You can upload big file yes it is possible without applet and other third party lib!
Simply put these standard configuration values and they will overwrite php.ini setting, which does not let you upload big file in your server.

php_value upload_max_filesize 10M
php_value post_max_size 10M
php_value max_execution_time 300
php_value max_input_time 300

In order to force https:// in payment and other secure pages even if your customer try to access http:// or they forget. You can use .htaccess file and simple code.

Example –
I had created a page http://www.phpmind.com/blog/
I want my visitor to access https://www.phpmind.com/blog/
Here is code which will force them to redirect to https://

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}