Protect folders with password using .htaccess

You can protect folders of your hosting service very easily using .htaccess and .htpasswd files, editing them with the notepad or equivalent applications.

Before you begin

To create the .htaccess and .htpasswd files we'll use notepad or equivalent, using MS Word, Openoffice, etc. wouldn't work because they aren't plain text editors. It could be that you already have a .htaccess file in your hosting, that's because it permits configure some server parameters, in this case you would only need to add a few lines to the file. In case you don't have any .htaccess file you must simply create a new text file (.txt) and rename it once uploaded to the server (that's because Windows doesn't permit filenames starting with a dot, meanwhile you can name it htaccess.txt).

The .htpasswd file contains the usernames and passwords, to avoid security flaws, you'll upload the file outside the public folder.

Editing the .htaccess file

  1. Create a text file with your plain text editor and paste the following:

    AuthName "Restricted Area"

    AuthType Basic

    AuthUserFile /var/www/YOURDOMAIN.COM/.htpasswd

    AuthGroupFile /dev/null

    require valid-user

    Here you must modify "YOURDOMAIN.COM" text and change it for your domain, remember to write it in lowercase.

  2. Save the file and upload it to the folder you want to protect using your FTP client (FileZilla for example) and rename it directly at the server to ".htaccess" without quotes.

Editing the .htpasswd file

  1. Create a new plain text file with your text editor and follow this steps:

    Go to http://www.htaccesstools.com/htpasswd-generator/ and write the username and password you want to use to protect your folder, press "Submit-it". In the next screen you'll see a line like this one:

    chosenusername:kJ7yup63GXWXk

    As you can see, the left side is the username and the right side the password, but it's encrypted, that's in case someone gains access to the .htpasswd file it would be more difficult to recover the original password. You can create multiple user accounts, you'll simply have to add one per line.

  2. Now copy this line and paste it at your text editor, save the file as .txt and upload it to the server, but this time you'll have to upload it outside the "public" folder. Once uploaded, rename it to ".htpasswd" (without quotes)

    That's it, you just created a login for your folder.

Note: To use this feature you'll need to have at least a Basic hosting plan.


Support