Did you subscribe to our Youtube channel? If not, it would be our pleasure if you would join our community!

Secure URL Rewriting in htaccess for better SEO

In this lesson, we’re diving into URL rewriting in the htaccess file, a must-know for SEO specialists to prepare clear, effective developer tickets! We’ll cover how URL rewrites differ from redirects, touching on the importance of specifying unique identifiers and maintaining a consistent URL structure. You’ll learn how to simplify URL structures, manage query strings, and apply security best practices in URL rewriting.
 
Lesson Timestamps

Have a Question?

To ask a practical question:

To be able to help you with obstacles which occur while you are working for an employer or a client, we need a lot more input. That data is sensitive, therefor SEONAUTs have the option to ask the mentor 1on1 questions in private and to provide more details.

To unlock even more features:

To ask a theoretical question:

We love the SEOLAXY community an we provided free answers on YouTube for many years. Today it is physically not possible to answer all of them. But we are still commited to answer all theoretical questions and questions about the lesson in YouTube comments.

If you have a theoretical question about this lesson:

Lesson Transcript

Intro

URL rewriting in .htaccess is simple if you know what you want to achieve. While it doesn't directly impact SEO, it can introduce security risks. An URL rewrite rule is different from an URL redirect rule, even though both are managed in the .htaccess file. We're exploring the .htaccess file to show you how URL rewriting works. This will help you as a SEO Specialist, write tickets for developers to create SEO-friendly URLs and structures. If you haven't watched the previous two lessons, you should definitely check them out before watching this one.

.htaccess File Rewriting Rules

Remember, everything we are about to learn applies to WooCommerce, Magento, Shopware, and all other PHP Shop CMSs using an Apache server - but not to Shopify. Shopify has a specific problem with URL structures which we will address before the end of this lesson. We’re opening the .htaccess file and writing lines that should go below the lines we wrote in lesson 8 about root domain redirects. So make sure you don't write directly under the “RewriteEngine On” command. It should be below all the main domain redirects, but still nested under the “RewriteEngine On” command. Now, let's dive deep into it.

Let's remind ourselves what we want to achieve. I'll show you two examples: first for the category URL, then for the product URL, since the rest follow the same principles. We need a unique identifier - a part of the URL that's always present in the page type we want to rewrite and specify how it should change. AI tools like Chat GPT are great at writing these, just tell them what you need. But ultimately, your job is only to write the ticket for the Developers or DevOps with the desired outcome and let them handle writing the commands to achieve that. You can find the developers’ ticket in the SEOLAXY Resources section for all the page types we discussed in the last lesson, and you can use them whenever you need.

So the first thing we'll do is shorten the long category slug in the URL to just the letter “C”. Unlike URL redirects, for URL rewrites we first write the desired outcome and then the current situation. This rule looks similar to a redirect rule, but is missing the redirect type, so it's not a redirect. The unique identifier is the slug “category”, but only if it appears right after the root URL. The dollar sign “$” is used in the substitution to refer back to parts of the URL matched in the pattern. For example, “$1” represents the first captured group from the pattern, which also allows us to append whatever comes after the unique identifier in the original URL to our Rewritten URL. Now, let's shorten the “product” slug to only the letter “P”. That was easy! Notice the trailing slash in all versions - don't forget it; it makes a difference in many analytics tools like Google Analytics.

But before we continue, you need to understand: If you rewrite URLs, all your internal and external links need to point to the new URL structure, which means just rewriting them without using redirects makes only sense for new online stores. If you do this switch on existing online stores, change every “L” command in the brackets to “R equals 301 comma L” command so it becomes a rewrite and redirect rule. You should still make sure that you don't have any internal links to the old version, but if it happens, it won't be critical, you will lose just a little bit of link juice due to the redirect. This is especially important for rewriting category and product URLs, which we usually do.

Now let's tackle dynamic parameters, such as those generated by search queries. Dynamic URLs often contain various strings like “?search=keyword” or “?query=searchterm”. Again, notice that all our example URLs end with a “/”. This is important for consistency and can prevent duplicate content issues where, for example, '/page' and '/page/' are treated as separate URLs. The QSA flag in a RewriteRule stands for Query String Append. It ensures that any existing query parameter in the original URL are preserved and appended to the new URL when the rewrite occurs. Without the QSA flag, the query string from the original URL would be replaced by the one specified in the rewrite rule. By using QSA, both the original and the rewritten query strings are combined. The complex string on the left is a regular expression or RegEx, which plays an important role in securing this rewriting rule and closing an important security issue. Now, let's touch on some security considerations.

Security Considerations in URL Rewriting

When dealing with dynamic parameters, it's crucial to sanitize inputs to prevent injection attacks. We see two different types of parameters. The category is a static parameter and the search query parameter is a dynamic parameter. The category parameter is set by the CMS and a search term can be entered by the user. Right? No! Because anyone can tamper with the URL and enter whatever they want. By limiting the characters in our RegEx to alphanumeric characters and hyphens, we reduce the risk of malicious input. That's exactly what the RegEx rule does. For a product URL rewrite, that means we should write this. Notice that hyphens are used in those regular expressions. In URLs, the hyphen (-) is the same as the minus sign on your keyboard and it's commonly referred to as a dash. This is the character recommended for separating words in URLs. That's it. Now you can understand what happens, but again, please let these tasks be handled by professionals, because, as you can see, minor mistakes could have bad consequences. Your job is only to write the ticket and give examples of the end result you wish to see. Before we address the Shopify issues, let's settle another big discussion.

Dash or Underscore in SEO-friendly URLs?

Again, grammar enthusiasts would tell us that a hyphen isn't the same as a dash. A dash is longer than a hyphen, so if you enter the minus sign on your keyboard you entered the right character. You can call it whatever you want, but in the SEO world it will stay a dash. Although it is actually a hyphen. In our examples, I used the dash which is preferred by Google. That's what they've said many times, but if you use underscores instead, it's not a problem. It can be a problem with certain shop CMSs though, because the underscore is often used as a marker for unique identifiers in the URL. If you have long URLs, you want some parameters to be found quickly and developers love to use underscores for that purpose. So if you want to minimize possible errors and conflicts with developers, just use dashes.

SEO-friendly URLs in Shopify

Shopify is using “collections” instead of “categories” in their URLs, which is fine. Due to Shopify's platform limitations, it is not possible to trim those collection URLs to just a “C”. The same issue occurs with products. It is not possible to trim those product URLs to just a “P”. Don't waste your time; it's not possible! But one other issue is solvable. Each product is accessible under two different URLs, which is not good. For example, this can and should be fixed by removing the second URL as we learned in the last lesson. You can download the developer ticket in the SEOLAXY resources to solve the product URL issues in Shopify. If your developers return the ticket as not solvable, reach out to a Certified Shopify developer.

Shopify also doesn't support nested category URLs with slashes - they use dashes for that. That is also currently not adjustable, but that isn't a huge SEO issue. Shopify has many advantages; the issue with double product URLs is critical and should be solved. We have solved it for our clients through Certified Shopify developers. Other developers didn't know how to do it, but all other issues are not really SEO issues, because we can still filter out category and product URLs, and also paging URLs, facet URLs, and sorting URLs in Shopify. So just get rid of the double product URLs and you're fine.

Just as the Certified Shopify developer was the only one to solve complex issues with Shopify, SEOLAXY Certified Ecommerce SEO Specialist are able to solve issues that others usually aren't even aware of. Remember to watch the last two lessons about .htaccess redirects and one before that about the robots.txt file. If you got value out of this lesson please consider subscribing or hitting the hype button. It would mean a lot to us. In the next lesson, we will address a very important topic – entities, and finally start addressing some content SEO issues.

Join SEOLAXY Now!

Become a SEONAUT with a monthly subscription or lifetime access. Subscriptions offer free community access and let you unlock actions with gems. Lifetime access provides permanent community entry, immediate masterclass access upon release, and gems available on demand for resources or mentor questions.

Smaller Plan
EXPLORER
$17
monthly payment
Billed Monthly Billed Yearly -25%

SUBSCRIPTION ACCESS

$97
monthly payment
Billed Monthly Billed Yearly -25%

LIFETIME ACCESS

This special offer ends on 1st Jan 2025!
$1970 cross-out $970
one-time payment
Bigger Plan
Smaller Plan
Bigger Plan
Already a SEONAUT? Login
Masterclass
Earn $10K/mo.
MASTERCLASS
1:1 Coaching 1:1 COACHING
Valuable
Resources
RESOURCES
Unselfish
Community
COMMUNITY
In the SEOLAXY Masterclass you are going to learn how to acquire dream clients and deliver Hockey Stick SEO results in order to earn $10,000 monthly after just 7 Months!
You can use this feature 24/7 if you want to ask a question in private and need a reliable answer, especially while working with a client. You submit your question, accept the offer and get the answer.
Beside the amazing "Hockey Stick SEO Audit Checklist" you can download developer tickets and important charts and calculator templates to achieve your goals faster and in a more reliable way.
Whether you're just starting out or are a seasoned pro, you'll thrive in the SEOLAXY community, where mutual support, knowledge sharing, and genuine camaraderie are the core values.

6 Ecommerce SEO Career Stories in just 60 seconds!