How to password protect a folder on your website using .htaccess

.htaccess is a configuration file for Apache web server with directives to make some config changes on a per-directory basis. You can use it to create basic authentication on your website to protect some directories and all it's subdirectories and files from unauthorized access. It's used together with .htpasswd file, which contains usernames and encrypted passwords of your members. If someone try to access any file in protected folder they will see popup window asking to enter their login credentials:

Create .htaccess file (configuration)

You can use any plain text editor (i.e Notepad, TextEdit, etc.) to create new file and name it .htaccess while saving. Copy/paste these lines to this file and edit them as explained below:

AuthType Basic 
AuthName "Authorized Members Only" 
AuthUserFile /home/example.com/.htpasswd 
require valid-user

AuthType Basic - sets type of authorization, just leave it as is
AuthName "Authorized Members Only" - your can set title for popup login box, but many browsers now ignore this setting
AuthUserFile /home/example.com/.htpasswd - sets path to .htpasswd file with passwords. Change it to actual path on your website where you will upload .htpasswd file
require valid-user - tells webserver to allow only valid users in .htpasswd file to access protected folder (leave as is)

Create .htpasswd file (generate passwords)

Like .htaccess, create new file in text editor and name it .htpasswd while saving. This file should contain text lines with username:encryptedPassword on each line. You can use our simple tool to generate user records for your .htpasswd file:

(We do not send password data to our servers, all information entered on this page is only stored and processed in your browser).

Upload files to your website

You should upload ,htaccess file to directory you want to protect. It will password protect all files and subfolders in this directory. Don't forget to upload .htpasswd file at correct path defined in .htaccess file. Make sure it's not accessible via http, it's good idea to place it outside of main website directory.

Please note, some FTP clients may hide files starting with dot char in filename, if you do not see uploaded files, you can check your FTP client settings for option to display these files.

Automate passwords management

You can use AuthPro service to automate password management instead of manually editing user passwords in .htpasswd file. To do this you'll need to install simple PHP script which will synchronize your .htpasswd file with actual members list in your AuthPro account. Click here for more info.