HomeDefault

Make password protect directories using .htaccess

Like Tweet Pin it Share Share Email

The directory/folder password protection or authentication systems offered by the Apache Web Server are probably the most important use of .htaccess file.We can easily make a directory password protected (or multiple directory) of a website which require a username and password to access.Password are also encrypted using one of the best encryption methods available which ensures login credentials are kept secure.

How can I do? 3 simple steps to go.

 

Create a .htaccess file

Use an ASCII text editor (Binary will not work at all) like Notepad to create a text file with the following lines of contents

AuthName “Secured Area”
AuthType Basic
AuthUserFile /path/to/your/directory/.htpasswd
require valid-user

you can also update these setting according to your requirement

AuthName

Change “Secure Area” to any name that you like. This name will be displayed when the browser prompts for a password. If, e.g that area is to be accessible only to members of your site, you can name it “Members Only Area” etc.

AuthUserFile

 You will later create a file containing passwords named as .htpasswd. The “AuthUserFile” line tells the Apache web server where it can locate this password file(.htpasswd).Ideally, the password file should be placed outside any directory accessible by visitors to your website. For example, if the main page of your web site is physically located in “/home/your-website/public-html/”, place your .htpasswd file in /home/your-website/.htpasswd. That way, on the off-chance that your host misconfigures your server, your visitors cannot view the .htpasswd contents by simply typing http://www.your-website.com/.htpasswd.

Wherever you want to place the file, put the full path of that file after “AuthUserFile”. For example, if the directory where you placed the file is /home/your-website/.htpasswd, modify that line to “AuthUserFile /home/your-website/.htpasswd”. Note that your password file need not be named .htpasswd either. It can be any name you wish,but must started with .ht (as it is set in httpd.conf file)

AuthType and require

You do not have to modify these.Just copy the lines as it is.

 

Save and Upload the .htaccess file                                                                                                                                                                                                                                Save the .htaccess file.If you are using Notepad, be sure to save the file as “.htaccess”, including the quotes, otherwise Notepad will change the name to “.htaccess.txt”.Then upload the .htaccess file to the directory that you want to protect.

 

Set Up the Password File .htpasswd

username:encryptedpassword
scriptarticle:oCF9Pam/MXJg2

username:encryptedpassword
scriptarticle2:Tyuism/MXJ7t

 

where your-username is the login name of the user you want to give access. The user name should be a single word without any intervening spaces. You will then be prompted to enter the password for that user.

 

Place the .htpasswd file as the path given in .htaccess file.

Here is the way to get encrypted password.
click here to generate encrypted password.

or simple you make a .htpasswd using command line,if you have telnet,SSH access of the server.Here is the command.

htpasswd -c .htpasswd your-user-name