Password Protection using .htaccess

Password protecting your folders using htaccess protection involves two files, .htaccess and .htpasswd.

1. Use the following command in Linux to create the .htpasswd file (by the way the .htpasswd file can be named anything, doesn't have to be named '.htpasswd'). Replace username with the username you wish to use:

htpasswd -c /path/to/.htpasswd username

The files contents will look something like this:


Alternatively you can use an online .htpasswd generator to create the password(s) you require and manually write them to your .htpasswd file.

Ensure that the webserver has access permissions to your .htpasswd file (and the parent folder it's located in). And be sure to create the .htpasswd file outside of a publicly accessible directory.

Each line in the .htpasswd file can contain a username and password combination, so add as many combinations as you require.

2. Now create a plane text file in Windows or Linux inside the folder you wish to password protect with the following contents:

AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user

Replace /path/to/.htpasswd with the full path to your .htpasswd file.

Your directory is now password protected.

comments powered by Disqus