How to password protect a folder on your website using .htaccess

.htaccess is a configuration file for Apache web server with directives to make some config changes on a per-directory basis. You can use it to create basic authentication on your website to protect some directories and all it's subdirectories and files from unauthorized access. It's used together with .htpasswd file, which contains usernames and encrypted passwords of your members. If someone try to access any file in protected folder their will see popup window asking to enter their login credentials:

Create .htaccess file (configuration)

You can use any plain text editor (i.e Notepad, TextEdit, etc.) to create new file and name it .htaccess while saving. Copy/paste these lines to this file and edit them as explained below:

AuthType Basic 
AuthName "Authorized Members Only" 
AuthUserFile /home/example.com/.htpasswd 
require valid-user

Create .htpasswd file (generate passwords)

Like .htaccess, create new file in text editor and name it .htpasswd while saving. This file should contain text lines with username:encryptedPassword on each line. You can use our simple tool to generate user records for your .htpasswd file:




(We do not send password data to our servers, all information entered on this page is only stored and processed in your browser).

Upload files to your website

You should upload file to directory you want to protect. It will password protect all files and subfolders in this directory. Don't forget to upload .htpasswd file at correct path defined in .htaccess file. Make sure it's not accessible via http, it's good idea to place it outside main website directory.

Please note, some FTP clients may hide files starting with dot char in filename, if you do not see uploaded files, you can check your FTP client settings for option to display these files.

Automate passwords management

You can use AuthPro to automate password management instead of manually editing user passwords in .htpasswd file. You'll need to install simple PHP script which will synchronize your .htpasswd file with actual members list in your AuthPro account. Click here for more info.