Using .htaccess for password protecting your folders

If you need to have certain areas (folders or files) of your web site protected you can use
.htaccess and .htpasswd files to enable a basic user/pass protection.
The Apache web server provides a quick and easy way to protect a file or folder on your

The password protection depends on two files. The first one is the .htaccess file. It tells
the webserver that viewing the file and/or folder requires authorization. The second file
is the .htpasswd file it stores information about the users and their passwords. Its
content will look similar to the following line:
The first part is the username, the second part of the line after the colon symbol is the
password. The password is encrypted either using a modified version of MD5 or the system
crypt() function.
Creation of the .htpasswd file is usually handled by the Apache htpasswd command line
In case you do not have access to it on your server, you can use the following form to
generate your .htpasswd file.

It is recommended that the .htpasswd file is located in a folder that is not accessible
through the web. However most servers retrict acces to these files in their setup.
Once you have the .htpasswd file ready you need to create a file named .htaccess and place
it in the folder you wish to have protected. The file should have the following lines
AuthType Basic
AuthUserFile "/home/username/path_to_htpasswd/.htpasswd"
AuthName “Enter valid username and password!â€
require valid-user

The line AuthUserFile tells the web server where to look for the file containing the
usernames which are allowed to access the folder.

The AuthName is what is printed in the user/prompt of the visitor’s browser.
Protecting a single file is a little tricky, you will need to add some more lines to the
.htaccess file. Let’s say you wish to protect a file named “my-secret-file.htmlâ€. Then you
will need to following .htaccess:
AuthType Basic
AuthUserFile "/home/username/path_to_htpasswd/.htpasswd"
AuthName "Enter valid username and password!"

require valid-user

The .htaccess file should be located in the same folder where the my-secret-file.html is
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Can you provide a custom package for me?

Yes, most definitely. Simply open up a helpdesk ticket in the Sales department or contact us...

Redirect URLs using .htaccess

Sometimes you need to redirect some URL and/or page on your site to another one.The feature is...

Force SSL/https using .htaccess and mod_rewrite

Sometimes you may need to make sure that the user is browsing your site over a secure...

Change PHP variables using .htaccess

If you need to change the way your PHP is working you can do that using .htaccess.Please, note...

Block Bad robots, spiders, crawlers and harvesters

There are lots of examples across the internet that use ModRewrite. We will provide such an...