Password protect a directory

The first thing you will need to do is create a file called .htpasswd

the htpasswd file would look like this:


Where john is the use name and xcvg56 is the encrypted password

There is a great tool available for you to easily encrypt the password into the proper encoding for use in the httpasswd file.

Now edit your .htaccess file and add the following:

AuthUserFile /usr/local/you/mydir/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic

require user john

The first line is the full server path to your htpasswd file. If you have installed scripts on your server, you should be familiar with this. Please note that this is not a URL, this is a server path. Also note that if you place this htaccess file in your root directory, it will password protect your entire site, which probably isn’t your exact goal.

The second to last line require user is where you enter the username of those who you want to have access to that portion of your site. Note that using this will allow only that specific user to be able to access that directory. This applies if you had an htpasswd file that had multiple users setup in it and you wanted each one to have access to an individual directory.

If you wanted the entire list of users to have access to that directory, you would replace Require user xxx with require valid-user.

The AuthName is the name of the area you want to access. It could anything, such as “EnterPassword”. You can change the name of this ‘realm’ to whatever you want, within reason.

We are using AuthType Basic because we are using basic HTTP authentication.

Leave a Reply

Your email address will not be published. Required fields are marked *