.htpasswd & .htaccess on webservers

Apache and other webservers lets you password protect individual files, folders, or your entire website fairly easily with .htpasswd and .htaccess.

To password protect a folder on your site, you need to put the following code in your .htaccess file:

AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName “My Secret Folder”
Require valid-user

The path /full/path/to/.htpasswd should be the full path (the path to the file from the Web server’s volume root) to a text file calledĀ  .htpasswd uploaded in a folder outside of the web root, if possible.

The textfile .htpasswd contains the following informations, separated by a colon (:)

username:encryptedpassword

It’s possible to include multiple users in the .htpasswd file.

To encrypt the password, you can use free webtools like

orĀ  the htpasswd utility that comes with Apache.

More details are available in the following tutorial.