Skip to content

Instantly share code, notes, and snippets.

@AliMD

AliMD/gist:3885209

Created October 13, 2012 16:21
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save AliMD/3885209 to your computer and use it in GitHub Desktop.
Save AliMD/3885209 to your computer and use it in GitHub Desktop.
Download ZIP
Htaccess Password Protection
Raw
gistfile1.md

Password Protection

One of the many uses of the .htaccess is being able to reliably password protect directories on websites. Note: If you would like to use the cPanel tool to password protect your folders please see our article: Password Protect a folder on your website

The .htaccess File

Adding password protection to a directory using .htaccess takes two stages. The first part is to add the appropriate lines to your .htaccess file in the directory you would like to protect. Everything below this directory will be password protected:

AuthName "Secret Folder"
AuthType Basic
AuthUserFile /home/username/.htpasswds

Require valid-user

There are a few parts of this which you will need to change for your site. You should replace "Secret Folder" with the name of the part of the site you are protecting e.g. "Members Area".

The /home/username/.htpasswds should be changed to reflect the full server path to the .htpasswds file (more on this later). If you do not know what the full path to your webspace is, check your Hostmonster cPanel. Look on the left "stats" column of the cPanel.

The .htpasswds File

Password protecting a directory takes a little more work than any of the other .htaccess functions because you must also create a file to contain the usernames and passwords which are allowed to access the site. These should be placed in a file which (by default) should be called .htpasswd. This can be placed anywhere within you website (as the passwords are encrypted) but it is advisable to store it outside the web root (in your home directory) so that it is impossible to access it from the web.

Entering Usernames And Passwords

Once you have created your .htpasswd file (you can do this in a standard text editor) you must enter the usernames and passwords to access the site. They should be entered as follows:

username:password

Where the password is the encrypted format of the password. There is a good username/password service at the KxS site which will allow you to enter the user name and password and will output it in the correct format.

For multiple users, just add extra lines to your .htpasswd file in the same format as the first.

Accessing The Site

When you try to access a site which has been protected by .htaccess your browser will pop up a standard username/password dialog box. Alternatively ou can send the username and password (unencrypted) in the URL as follows:

http://username:password@www.website.com/directory/
@AliMD
Copy link
Author

AliMD commented Oct 13, 2012

Learn More ali.md/htaccess

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment