Password Protecting with htaccess

posted by Ishmael Sanchez on Nov 07, 2009

You might not always have access to cPanel or Plesk to create a protected directory. Although if you do have access to the administration panel creating a protected directory is fairly straightforward, and this article might not be of much use to you. What if you don't have access, but need to create one? This was the case for me recently, I needed to create a protected directory but only had FTP access with Dreamweaver.

First, why might you need to protect a directory? I often create protected directories for sites that are under development. Other times to limit access to certain parts of the website. There are a number of different uses the main reason is anytime you want to restrict access.

To protect a directory you need two things a text file that protects the folder and a text file for your password. First, create the password file. The password file consisents of a username and encrypted password, separated by a colon (:).

For example, username:encryptedpass

How do you get an encrypted password? There are several free web-based utilities out there; see the resource links for more. Once you have the username and password paste that information into a text file and save the file as .htpasswd. Now that you have the file created upload it to the server.

Next, we create the file that protects the directory. Create a file using a text editor and save it as .htacess and paste the following code into that file.

AuthUserFile /full/path/to/.htpasswd
AuthType Basic AuthName
"Restricted Access" Require valid-user

Replace the text "/full/path/to/.htpasswd" with the actual path location of the .htpasswd file on your server. You can also change the text within the quotes to whatever you want to appear in the header of the access box. Once you make the changes save and upload the file. Finally, open a web browser and test to make sure it's working properly.

Protected Directory Prompt
What you should see


Ishmael Sanchez