Home     SSI Lab     CSS Templates     CSS     Htaccess     Web Design     XHTML

Htaccess Tutorials




CSS Templates





Web Design




Password Protection of Directories


.htaccess can be used for a range of server functions from adding mime types, changing your default directory page to redirecting and many other functions. Here all we want to do is password protect a directory. This guide will help you set-up basic password protection for a directory using .htaccess.

Step 1 - Allowed in your server:

Can you use .htaccess on your server? This ya gotta check with your host. Try their support section or mail them. Some hosts don't allow use of .htaccess for a number of reasons.

Step 2 - Required Files:

There are two files you need to create to protect (and allow limited access to) your directory .htaccess and .htpasswd.
Note:: these are the file extensions and can only be called this. Do NOT name them something like mydirectory.htaccess they can ONLY be called .htaccess and .htpasswd

Also the . (dot, period, full stop) is very important!

Step 3 - Creating the .htaccess file:

This can be done easily in any text editor. Just create a new file and add the following:

AuthUserFile /user/home/www/directory/.htpasswd
AuthGroupFile /dev/null
AuthName "Restricted Directory"
AuthType Basic

<Limit GET POST>
require valid-user

The AuthUserFile is the path to your .htpasswd file. Make sure this is correct.
The AuthName is simply the name you want to call your password protected directory.
The last line require valid-user means a list of valid users with an assigned username and password can access the directory. To allow access to just ONE user change this line to require user Johnson where Johnson in this example is just the name of the user who is allowed to have access.

Make sure this file is saved as .htaccess. Upload this file INTO the directory you want to protect.

Step 4 - Creating the .htpasswd file:

This is the trickiest part because it cannot be done by hand. The .htpasswd file simply contains username:password but the problem is that we need to encrypt the password!

In order to do this you'll need a simple tool such as:

  1. DirectoryPass (cgi script). Excellent script will create both your .htaccess and .htpasswd files and allow you to easily add or delete members. Installation required.
  2. Access Denied version 1.2 htpasswd manager (cgi script). Installation required.
  3. http://www.euronet.nl/~arnow/htpasswd/. No installation needed, just enter your details
  4. EZPass v1.1 - Croesus Design and Promotion (cgi script). Download from my server here. Installation required.

The third option might be the easiest! When you encrypt the password the .htpasswd file will look something like:


or if you have multiple users:


Make sure there are no empty lines before or after the above usernames/passwords.

This done simply upload your .htpasswd file to your server either in the protected directory or better yet, outside of your public folders. The important thing to remember is that where ever you put your .htpasswd file make sure you have the correct path to .htpasswd in your .htaccess file.

That's basically it. If you need a more detailed explanation drop me a line and i'll put one together!

As a final note, be aware that the encryption on some servers can be different so it's probably best to install a script locally to generate these files for you.

Advertisement Sign up for free to PayBox.me today and get $25 just for joining AND earn up to $20 per day for participating.