How to protect a directory using .htaccess

August 7, 2009 / Updated: August 7, 2009 / Lena Shore

Adding Folder Password Protection

Sometimes you need to protect a directory with a login and password. Here is how to accomplish this. You will need ssh access.

  1. Create or upload a file named: .htaccess in the directory you are wanting to protect.
  2. The .htaccess file should contain the following 4 lines:

    AuthType Basic
    AuthName "Some Description"
    AuthUserFile /[home-directory-full-path]/[passwordfile]
    Require valid-user

    NOTE: home-directory-full-path: If your domain was, then the third line would read something like:

    AuthUserFile home/user/www/

    In the above example “allowlist” is the name we’ve chosen for the password file.

  3. Next, you need to create the password file itself using the filename that matches what you put as [passwordfile] in the .htaccess file. Using our example, you would do this using a command prompt and typing:
  4. htpasswd -c allowlist myuser

    Once you’ve done the above step, you will be prompted twice for the user’s password. If you just want to add another user to an existing password file, or change a password for a user already in the file, then leave off the -c option. To learn more about the “htpasswd” command, you can read this documentation page. Also, you can type “htpasswd” by itself to see all the command’s options.

Removing Folder Password Protection

You can delete the .htaccess file from the command prompt by typing:

rm htdocs/www/.htaccess

(where htdocs/www/ was the directory that you put the .htaccess file in to begin with).

Posted in

Lena Shore

Lena is a full-time freelancer and nerd that specializes in web development, graphic design, and illustration. She enjoys building things, learning new things, pursuing creative endeavors, and giving free advice.

Leave a Comment

You must be logged in to post a comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.