Password Protecting Web directories

Password Protecting Your Pages with htaccess Learn how to use Apache’s .htaccess files to protect pages on your site with a username and password. Introduction You may have visited a web page that pops up a dialog box similar to this one: If you don’t know the username and password to enter, then you can’t access the page or site – it’s “password protected”. It’s sometimes handy to be able to password protect your pages like this – for example: You’re building a new site, but you only want yourself (and maybe a select few) to be able to view the work-in-progress. You have an area of your site that you never want the general public to have access to – for example, your web stats or private pages. You have some paid (subscription) content on your site that only subscribers should be able to access. Apache lets you password protect individual files, folders, or your entire site fairly easily. Read on to find out how it’s done. How it works To add password protection to your pages, you need to do the following two things: Create a text file on your server that will store your username and password. Create a special file called .htaccess in the folder you want to protect. That’s it! Now let’s take a look at how to do each step. Creating the password file The first step is to create a simple text file that will store your username and password, separated by a colon (:). The small catch is that the password must be encrypted. Luckily, there are many free web-based utilities that will encrypt the password for you. Try one of these: 4WebHelp’s online .htpasswd encryption tool Alterlinks .htaccess password generator htmlite’s htpasswd encryption page Simply enter your desired username and password in one of these pages and submit the form. You’ll get back a string similar to the following: fred:p29cmnwl4a0et Now, open up your favourite text editor (e.g. Notepad or TextEdit), then copy and paste the username/password string into the editor. Save the file and call it .htpasswd. Next, upload this file to your website. Make sure you place it outside the Web root of your site if possible, as you don’t want just anyone to be able to view the file! For example, place it above your public_html or htdocs folder. (Having said this, Apache is often set up by default to block web-based access to files beginning with .ht. Better safe than sorry though!) If you can’t place your .htpasswd file outside your Web root, name it something that’s not easily guessable – for example, .htxuymwp – so...

Read More