Free and Opensource software review, Operating system review, Tips and Tricks, System tweaks, troubleshooting, Tools and Techniques, Hacks

How to Password Protect a web Directory

securing web directoryPassword protection is a simple and easiest way to prevent unauthorized access. Password protecting some web directories is also very essential if you want to prevent unauthorized access into certain parts of your website. This article deals with this problem and will tell you how to protect web directories with a username and password.

The locking method discussed here is accomplished using two files.

.htaccess and .htpasswd

The .htaccess file (also called hypertext access file) is a configuration file which is supported by most web servers. It can be used to override any other configuration settings of the web server. The main purpose of this file is to control access to different directories in the web server. .htpasswd is a file used to store authentication information like username and the password (encypted). These fles begin with a dot (“.”) because in Unix systems they are hidden.

To start making these files, we can make use of any common text editor. Now lets look into the contents of these files.


Now lets see what should the htaccess file contain. It looks something like this

AuthType Basic
AuthName “Title to be displayed”
require valid-user
AuthUserFile “ftp locaton of authentication file”

For example, you are running a cool website and you want to restrict access to the login page  which resides in the directory named login, then the contents of .htaccess file will look like

AuthType Basic
AuthName “Restricted Area”
require valid-user
AuthUserFile “/home/website/passwords/.htpasswd”

In most cases your website resides in “public_html” directory but it is most recommended that you choose the location of your authorization file to be in a directory not accessible by http.


The .htpasswd file is where we store the username and the password in encrypted format seporated by a colon. This file will contain data in rows and each row contains a username and its corresponding encrypted password. It may something like this

username:<encrypted password>

where “username” can be any username and is not encrypted.

Since the password to be mentioned there is the encrypted one, I will present a simple encryption tool.

Now you can directly copy the generated text and paste in your .htpasswd file.

PLACING .htaccess AND .htpasswd FILES

Once you have successfully completed making these files in your PC now you can now upload it to your server using any FTP client of your choice. The .htaccess file should be uploaded to the directory that has to be protected and .htpasswd file should be uploaded to the location specified in the .htaccess file.

If you have done all the steps correctly and placed the files correctly, then you will get the following login window next time you try to navigate to that folder in your browser.

Password Protecting Folder in Apache

, , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *