, , ,

Follow the steps below to Protect a Directory Using .htaccess on Apache level

open .htaccess file AND add below code

Place this .htaccess file inside directory want to password protected. So, you have to place .htaccess file inside each directory want to password protected.

AuthName "Admin Area"
AuthType Basic
AuthUserFile /path/to/your/directory/where/.htpasswd/file/present
require valid-user

Note: you will have to modify 1st and 3rd line from the above code as per your situation.

  1. AuthName

    Change “Admin Area” to any other as per your requirement. This name will be displayed when the browser prompts for a password.

  2. AuthUserFile

    You will later create a file containing usernames & passwords named .htpasswd. The “AuthUserFile” line tells the Apache web server that where it will find this file.

Important note

Ideally, the password file should not be placed inside any directory accessible by visitors of your website. For example, if the home page of your web site is located in “/home/your-account-name/public-html/” then place your .htpasswd file outside /public-html/. In this way you can protect your .htpasswd file from outside world and users can not access that by simply typing http://www.example.com/.htpasswd.

Another important point I would like to mention here, wherever you put the file, write the full path of that file after “AuthUserFile”. For example, if the directory where you placed the file is /home/lib/.htpasswd , modify that line to “AuthUserFile /home/lib/.htpasswd“.

AuthType and require

You do not need to modify these two rows.

Link where you can generate encrypted password


Bonus Tip

Your username & password file need not be named .htpasswd. It can be any other name you wish. You can have multiple username & password in .htpasswd file but per line only one username and password.

Enjoy Restrictions 🙂