How to Password Protect a Directory with .htaccess

When you want the best in server-side security as far as protecting documents on a web server goes, you need look no further than .htaccess. This form of security can be useful for any number of purposes, namely any situation in which you want to require a username and password to access the contents of a given directory.


Quick, easy and to the point:

1. Create a simple text file with the following format:


Replace “4dev” with your chosen username and “mypassword” with your MD5 encoded password – click here for a quick and easy MD5 encoder.

2. Name the file .htpasswd and upload it to a non-web accessible folder above the root of your site.

3. Create another text file, this time with the following format:

AuthUserFile /path/to/.htpasswd
AuthGroupFile /dev/null
AuthName Protected
AuthType Basic

require user 4dev

Replace “/path/to/.htpasswd” with the path to your freshly uploaded .htpasswd file and “4dev” with the username you used in your .htpasswd file. The value for “AuthName” is the name of the realm and can be changed as you see fit.

4. Name the file .htaccess and upload it to the directory that you want to protect.

That’s it – when a web surfer finds their way to that directory, they’ll be prompted to enter the necessary credentials before they’re able to access its contents.

Share Your Thoughts