2009-07-22

How to Password Protect Directory Using .htaccess

Do you want to password protect a directory on your website? .htaccess is a powerful file which can easily password protect your files and folders in your web directories. I share this new skill I learnt while implementing it on our site.

Let's suppose you want to protect the folder 'secretfolder' located on this path on your server: home/user/domain/secretfolder

Password Protect Directory with htaccess

Step 1 – Create a .htpasswd file with your desired username and password in any text editor (like Notepad) and save it without the .txt extension. It is a good idea to encrypt the password for extra security. Here is a good htpasswd encryption tool to do just that – simply enter the username and password and it will generate the code for you, which you can copy and paste. For a user 'abc' and password 'abc', I got this (but it generates a new one every time):

abc:9476nIHW7Esgw

Step 2 – Create a .htaccess file with the code below. It can be created using any text editor (like Notepad) and saved without the .txt extension. Remember to double-check the location of the .htpasswd file, or it will not work. You can change 'Login Details' to whatever you want displayed in the login pop-up.

AuthUserFile /home/user/domain/secretfolder/.htpasswd
AuthType Basic
AuthName "Login Details"
Require valid-user

Step 3 – Upload both these files to the folder which you want to protect (in this case 'secretfolder'). Now whenever anyone accesses that directory or any files in it, they will be asked for login details. Your web directory is now secure.
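An added example, not part of the original post: a small Python audit of the two files from Steps 1 to 3 that reports the hash scheme of each .htpasswd entry and whether the password file sits inside the protected directory. The function names and the wording of the findings are assumptions of this example; the sample file contents are the ones shown above.

```python
import re
from pathlib import PurePosixPath

# Constructed sample input: the two files as shown in Steps 1 and 2.
HTPASSWD = "abc:9476nIHW7Esgw\n"
HTACCESS = """AuthUserFile /home/user/domain/secretfolder/.htpasswd
AuthType Basic
AuthName "Login Details"
Require valid-user
"""

# (pattern, scheme, weakness or None). Shape-based heuristic, not a verification.
SCHEMES = [
    (re.compile(r"^\$2[aby]\$\d\d\$[./A-Za-z0-9]{53}$"), "bcrypt", None),
    (re.compile(r"^\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}$"), "apr1-md5", "fast salted MD5"),
    (re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$"), "sha1", "unsalted SHA-1"),
    (re.compile(r"^[./A-Za-z0-9]{13}$"), "des-crypt", "only first 8 password characters are used"),
]

def classify_hash(value):
    for pattern, name, weakness in SCHEMES:
        if pattern.match(value):
            return name, weakness
    return "unknown-or-plaintext", "not a recognised hash format"

def parse_htaccess(text):
    directives = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            name, _, arg = line.partition(" ")
            directives[name.lower()] = arg.strip().strip('"')
    return directives

def audit(htaccess_text, htpasswd_text, protected_dir):
    d = parse_htaccess(htaccess_text)
    findings = [f"missing directive: {r}" for r in ("authtype", "authname", "authuserfile", "require") if r not in d]
    pw_file = PurePosixPath(d.get("authuserfile", ""))
    if "authuserfile" in d and not pw_file.is_absolute():
        findings.append("AuthUserFile is relative (resolved against ServerRoot)")
    if PurePosixPath(protected_dir) in pw_file.parents:
        findings.append("password file is inside the protected web directory")
    for entry in htpasswd_text.splitlines():
        user, sep, hashed = entry.strip().partition(":")
        scheme, weakness = classify_hash(hashed) if sep else ("", None)
        if weakness:
            findings.append(f"user {user}: {scheme} ({weakness})")
    return findings

if __name__ == "__main__":
    print(*audit(HTACCESS, HTPASSWD, "/home/user/domain/secretfolder"), sep="\n")
```

Both findings for the sample files have a straightforward fix: generate the entry with a bcrypt-capable tool and keep .htpasswd in a directory that is not served by the web server, updating AuthUserFile to match.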

NOTE – You might not be able to see these files on your server since they are hidden files. I use Filezilla FTP client and often use the "force showing hidden files" option to view these files. Also remember that these files can be created easily in Notepad, but save them without the .txt extension (under "Save as type", choose "All Files", then you can save without any extension). If the login window keeps popping up, most probably your login details are wrong.

OPTION - Here are some simple scripts to protect webpages, but they are only the first line of security. However, they are easier to implement as they can be simply inserted in the webpage HTML code.

WARNING: .htaccess is a very powerful file to mess with and if wrongly configured can make your site inaccessible. If you are not sure of what you are playing with, seek professional tech support from your hosting provider. Edit your .htaccess at your OWN RISK, we bear no responsibility for the same and cannot provide support.
