How to Password Protect Web Directories using htaccess ?

by Aky Joe on February 21, 2010


At present, most of the Websites and blogs are hosted on Apache Server, which provides directory-level configurations for fine tuning and efficient performance of the website. Apache uses Hypertext Access files, that .htaccess file, which configures Apache’s Universal system-configuration directives.

Usually, a website or a blog, contains several private and sensitive information, and kept confidential for outside world. As, in my last article on Wordpress Security: Disable directory browsing using htaccess on Apache Web Server, directory browsing is enabled by default and have to disable it using .htaccess method. But disabling a directory means, even the administrator can’t access the contents, which can rate the height of stupidity. But, if we password protect web directory having confidential information, the directory will be disabled for the outside world, and user knowing the password, can gain access to its contents.

On apache server, uses .htaccess files to set directives in order to disable access or password protect directory. .htaccess, uses another file which, consists of usernames and passwords, allows successful authentication to directory. Below is the procedure to create a  .htaccess file:

  1. Browse to directory which need to be password protected.
  2. Create a file .htaccess within the directory, for instance, if I want to protect “www.youdomain.com/life”, I’ll create .htaccess file under the “life” sub-directory under root directory of the domain “yourdomain.com”.
  3. Copy-Paste the below code snippet:
    4.    1: AuthUserFile /www/path/to/file/.htpasswd

       2: AuthGroupFile /dev/null

       3: AuthName "Confidential Information"

       4: AuthType Basic

       5: require user joe

  4. Now save the file.

.htaccess, uses another file which, consists of usernames and passwords, allows successful authentication to directory.

  1. Create a text file that will store username and password parted by a colon (:).
  2. Simply copy-paste the code in below snippet, to your htpasswd file.
    3.    1: aky:admin

       2: joe:going

       3: akshay:khurana

  3. Save the file as by .htpasswd or any other name, but make sure you edit the .htaccess file accordingly.

Once all the above configurations are set, upload the files via ftp if you created them locally at your end. Once the files are uploaded, the directory restrictions are set, and user will be prompted to access that specific directory having the .htaccess file. Below is a screenshot prompting the username and password for authentication.

image If the login authentication is successful, user is redirected to the protected web directory, else it is redirected to 401 Authorization Required Exception Page.

This concludes the article as we learned how to password protect our web directory using .htaccess.

For any queries or further assistance required, post comments as your feedbacks.

Tagged as: , , , ,

Related posts:

  1. Wordpress Security: Disable directory browsing using htaccess on Apache Web Server
  2. Wordpress Security: Restrict wp-content and wp-includes on wordpress using htaccess
  3. Improve Performance by Image Caching of Wordpress Blog using htaccess trick
  4. How to detect iPhone Browser in Wordpress and redirection using htaccess ?
  5. htaccess code http_user_agent of Multiple Phone Browsers for Wordpress Blogs
WooThemes - WordPress themes for everyone

Article by Aky Joe

Aky Joe has written 34 articles .

If you like this post, you can follow ThemePremium on Twitter.

Subscribe to ThemePremium feed via RSS to receive instant updates.

Leave a Comment

Previous post:

Next post:

.