Circle City Communities

Using .htaccess files (HTA)

How to create an .htaccess file

All you need to create or edit an .htaccess file is Notepad. It's just (and must be) a simple ASCII text file. When you upload it to your server, you must upload it as ASCII and not binary. The file has no extension like other files (.html .php etc.) but starts with a dot instead.

Do not upload an .htaccess file without checking the following:
Sometimes you can't view .htaccess files when you FTP to your site, so you don't always know if you've got one. Just because you can't see one doesn't mean it's not there. Files with a dot before them are not always visible, depending on your settings.

You can't see an .htaccess file on your server?
If this is the case, you can click the download button of your FTP program with nothing selected, which usually brings up a text box. Enter .htaccess and click OK. Another method that I've found has always worked is to create a blank .htaccess file on your computer, select it, and click download so that the server's copy is downloaded over it. If the file you created is still blank when you look in it, you don't have an .htaccess file or it's empty.

If you have got an .htaccess file, download it and keep it safe. ALWAYS KEEP A BACKUP. Then if you do make a mistake, you can upload the original back. Yes, I've had to do this quite a few times.

I can tell you now that making a mistake in an .htaccess file can stop your whole site working STONE DEAD but if this happens, just upload the original. I'm a devil for experimenting and it's happened to me more than once.

Renaming a file to .htaccess

If you want to create a new .htaccess file, most text editors won't let you rename them with a preceding dot. There are two ways round this. The first is to call your file htaccess.txt then upload it to your server and rename it on the server. The second I've found is to create a htaccess.txt then open it, and resave it as ".htaccess" including the quotes.

Some basic rules

  1. The file must be written in simple ASCII text (don't use WYSIWYG editors).
  2. The file must be uploaded in ASCII, not Binary or it won't work.
  3. A rule must be on its own line (i.e. no line breaks).
  4. It's ok if your text editor wraps the text, as long as it doesn't insert line breaks.
  5. Comments start with a hash # sign.
  6. You can have as many comments as you like, but don't go mad with them.
  7. Rules can be separated with blank lines if you wish.
  8. Spaces are generally ignored, so you can use multiple spaces (not tabs) to make rules look pretty.
  9. Lastly, the file has to load like any other file, so don't make it tooooo large.

Stopping people hot-linking to your images

This was the first thing I ever tried to do, using information I'd got from the net, but couldn't get it to work. The practice of image hot-linking is quite common, though illegal I think. Even if you don't pay for bandwidth, it's going to slow your site down if demand is great. I found that quite a few of my images had been posted on very busy message boards, which some of them still are, but I now feed them an advert for this site. Sweet revenge!

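RewriteEngine on
# Let requests with no referer through
RewriteCond %{HTTP_REFERER} !^$
# Let requests from your own pages through (dots escaped so they only match a real dot)
RewriteCond %{HTTP_REFERER} !^http://yoursite\.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite\.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.yoursite\.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.yoursite\.com$ [NC]
# Any other referer asking for a jpg, gif or bmp is redirected to the replacement image
RewriteRule .*\.(jpg|gif|bmp)$ http://www.yoursite.com/hotlink.png [R,NC]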

The above can be shortened by using a 'regular expression', but is shown like this for easier understanding. You may say it looks like others you've seen. There is one small difference: if you block jpgs, gifs and bmps, then the image you feed must be something different. I've used a lightweight .png image (about 10K) to promote my site. If you use .png images on your site, swap them around in the RewriteRule or use the .jpeg image extension.

You need to check with your site's admin to see if they have "RewriteEngine" on, or you won't be able to use it.

This stops most hot-linking but not all, as the referer variable is not always available. Just cut and paste this (substituting your site address) into a file. Don't forget to make a backup first, and that the file MUST be uploaded in ASCII.

If you have a log file available, you can see who's hot-linking to you, visit the site in question and view your image on it. My replacement image sticks out like a sore thumb.
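The log check described above, as an added example that is not part of the original page: it reads Apache "combined" format lines, counts image requests per foreign referring host, and flags hosts that were still served the image. The sample log lines, hosts and the function name are constructed for illustration; the own-site pattern covers the same four referer forms as the rule, written as one regular expression with the dots escaped.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# One pattern for the four own-site referer forms in the rule (dots escaped).
OWN_SITE = re.compile(r"^http://(www\.)?yoursite\.com(/.*)?$", re.IGNORECASE)
IMAGE = re.compile(r"\.(jpg|gif|bmp)$", re.IGNORECASE)
# Apache "combined" format: ip - user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample log (documentation IPs, made-up referring hosts).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /images/cat.jpg HTTP/1.1" 200 48211 "http://www.yoursite.com/gallery.html" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /images/cat.jpg HTTP/1.1" 302 230 "http://forum.example/thread/42" "Mozilla/5.0"
198.51.100.8 - - [01/Jan/2024:10:00:09 +0000] "GET /images/dog.GIF HTTP/1.1" 302 230 "http://forum.example/thread/42" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:01:00 +0000] "GET /images/cat.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /old/map.bmp HTTP/1.1" 200 90112 "http://blog.example/post" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2024:10:02:30 +0000] "GET /index.html HTTP/1.1" 200 5120 "http://blog.example/post" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:10:03:00 +0000] "GET /images/cat.jpg HTTP/1.1" 302 230 "http://yoursite.com.mirror.example/p" "Mozilla/5.0"
"""

def hotlink_report(log_text):
    """Return (foreign, unblocked, blank): image hits per foreign referring host,
    the hosts still served a 200, and the count of hits with no referer."""
    foreign, unblocked, blank = Counter(), set(), 0
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or not IMAGE.search(m["path"].split("?", 1)[0]):
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            blank += 1  # the !^$ condition lets these through
        elif not OWN_SITE.match(referer):
            host = urlsplit(referer).hostname or referer
            foreign[host] += 1
            if m["status"] == "200":
                unblocked.add(host)  # image itself was sent, rule did not fire
    return foreign, unblocked, blank

if __name__ == "__main__":
    foreign, unblocked, blank = hotlink_report(SAMPLE_LOG)
    for host, hits in foreign.most_common():
        print(host, hits, "STILL SERVED" if host in unblocked else "redirected")
    print("blank referer:", blank)
```

A host listed as still served means the rule is not being applied to that image path; blank-referer hits are the ones the rule can never catch.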

Stopping a directory being listed

If you have a directory that doesn't have an index page, surfers need only enter the address of the folder to list everything in that folder. This could help a hacker as they would know which pages would be available to attack.

Options -Indexes

Put the above in an .htaccess file in the directory that you want to stop being listed. This is ideal for an 'Images' folder, or sensitive include files etc. An alternative is to put a dummy index.html or index.php file in there, and redirect them to your homepage.

Your Own Custom Error Documents

If someone types in an invalid filename on your site, or maybe a file you've deleted or renamed, they get a plain error page coming up, so you may lose the surfer. To have your own fancy page presented to the surfer, just add ErrorDocument lines like the ones below to your root directory .htaccess file.

Then create a page with the name you've decided on. The page needs to be more than 512 bytes, otherwise IE displays its own error page instead of yours. You can call it anything you want. You could then give a list of links to major sections where the file might be (i.e. a sitemap). The examples below use different folders only to show what's possible, as you'd normally keep all your error files in the same folder.

# files can be in the root directory or any folder
ErrorDocument 400 /error_pages/bad_request.htm
ErrorDocument 401 /errors/authorization_required.php
ErrorDocument 403 /my_errors/forbidden.php
ErrorDocument 404 /file_not_found.php
ErrorDocument 410 /gone.html
ErrorDocument 500 /internal_server_error.html

You could use something funny like:
<h1>Whoops - I couldn't find that page anywhere</h1>
If you want to use images in your error page, relative addressing doesn't seem to work so use a forward slash with the image directory as above. If this doesn't work, you'll have to use the full http:// address.

These are the most common errors you might want to consider using, but you could just use error 404 file not found if you wanted.

Want to use PHP in an HTML file

And assuming that your server has PHP installed:-
Your HTML is indexed by Google so you don't want to change the file extension, but you want to use some php, maybe an include file. Easy! Just add this to your root directory .htaccess file.

AddHandler application/x-httpd-php htm html php

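Now you can use PHP in any of those files, and this can also help confuse hackers as you could be using PHP, Perl, ASP etc. Every little bit helps. Bear in mind that every .htm and .html file is now run through PHP, so any such file that other people can upload or edit is executed as code.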

Telling Search Engines that a file has Gone

To stop search engines indexing files you've deleted (some take months, unless you tell them they are gone), you can use "Redirect gone" for individual files or "RedirectMatch gone" which allows you to use a regular expression. Here are some examples:

# files should start with forward slash denoting the root
Redirect gone /temporary.htm
Redirect gone /folder/subfolder/test.php

# using a regex (regular expression)
# match all files in examples with extension .html
RedirectMatch gone ^/examples/.+\.html$

# match every file in examples folder
RedirectMatch gone ^/examples/.*$

RedirectMatch

When using RedirectMatch the ^ sign denotes the start and the $ sign denotes the end of the file name. These are very important as it's possible other files could match this regular expression. A backslash tells the regex to use the following character literally, as a period denotes a wild card (any character). If you prefer, you can use the error number instead of gone i.e. Redirect 410 but 'gone' is easier to remember.

There is a lot more you can do with regexes, so I'd recommend that you read up on them before trying anything complicated. Be very careful when using "RedirectMatch gone" as you can stop search engines indexing your whole site totally if you make certain mistakes.
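A way to dry-run a "RedirectMatch gone" pattern before uploading it, as an added example that is not part of the original page: it lists which paths a pattern would mark as gone and which of those were not intended. The path list, the variant patterns and the function names are constructed for illustration, and Python's re module is assumed to behave like Apache's regex engine for patterns this simple.

```python
import re

# Constructed URL paths standing in for the files on a site (assumed list).
SITE_PATHS = [
    "/index.html",
    "/temporary.htm",
    "/examples/demo.html",
    "/examples/old/page.html",
    "/examples/data.php",
    "/examples/readme-html",
    "/new/examples/keep.html",
]

def gone_paths(pattern, paths=SITE_PATHS):
    """Paths that 'RedirectMatch gone <pattern>' would answer with 410.
    An unanchored pattern may match anywhere in the path, hence re.search."""
    rx = re.compile(pattern)
    return [p for p in paths if rx.search(p)]

def collateral(pattern, intended, paths=SITE_PATHS):
    """Paths the pattern marks as gone that were not meant to be."""
    return sorted(set(gone_paths(pattern, paths)) - set(intended))

# What the page's first RedirectMatch example is meant to remove.
INTENDED = ["/examples/demo.html", "/examples/old/page.html"]

CANDIDATES = {
    "page's pattern": r"^/examples/.+\.html$",
    "anchors dropped": r"/examples/.+\.html",
    "dot not escaped": r"^/examples/.+.html$",
    "matches everything": r"^/.*$",
}

if __name__ == "__main__":
    for label, pattern in CANDIDATES.items():
        extra = collateral(pattern, INTENDED)
        print(f"{label:20} {pattern:24} unintended 410s: {extra or 'none'}")
```

Replace SITE_PATHS with a real list of your site's paths (for example, from a sitemap) to see the effect of a rule before it goes live.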