The purpose of this tutorial is to teach you the steps required to password protect directory using htaccess.
Step 1 – Create htpasswd file
You have to create a password file with your desired username and password login that is required to access the protected web folder. There are many sites that will you can use for this. One site you can use is http://www.htaccesstools.com/htpasswd-generator/.
On these sites, you will enter in your username and password, and you will be given back your username and an encrypted password in return. Paste this into notepad or another text editor and save the file as .htpasswd (no file name).
Upload the .htpasswd file somewhere on your server. It does not have to be uploaded to the same directory you wish to password protect. It is recommended for security reasons that you upload the file to a directory that is not web accessible.
Step 2 – Create htaccess file in the folder you want to protect
Create an .htaccess (no file name) file and upload it to the folder you want to protect. Within the .htaccess file, add the following;
1 2 3 4 |
AuthType Basic AuthName "Password Protected" AuthUserFile /home/fullpath/to/.htpasswd require valid-user |
Remember to replace the /home/fullpath/to/.htpasswd with the full path to the .htpasswd file you uploaded in step 1.
That’s it. You have now set up password protection for web directory. Your folder and all files within subfolders will be protected from google and other search bots, unwanted visitors, and basically anyone else you don’t grant explicit permission.
FYI if you are looking for an easy way to achieve this for your WordPress site, a way that doesn’t require you messing around with htaccess and htpasswd files, you can check out my Hide My Site WordPress plugin.