Menu Close

Password Protect A Directory or A Single File by the .htaccess file

Protecting files on your website from unauthorized users can be very important. You could use PHP to listen for login authorization information on each page, but that doesn’t protect your images, documents, and other media?  The password protection and authentication systems offered by the Apache Web Server are probably one of the most important use of .htaccess file.  Very easily, we can password protect a directory (or multiple) of a web site which require a username and password to access.

Password Protection for a Directory

The method is called htaccess password protection or htaccess authentication, and works by uploading One file called .htaccess  in the directory you want to password protect.  The htaccess file should contain the following:

AuthType Basic
AuthName "The Member Zone Name"
AuthUserFile /path/to/password/file/.htpasswd
require valid-user

It password protected the directory that .htaccess file is located. If the .htaccess file is located in the public-html folder, It password protected the whole website. If the htaccess file is located in any other directory, it will protect the directory itself

The first line specifies the authentication type, in this example we are using ‘Basic’ because we are using basic HTTP authentication. The second line tells the Apache Web Server the secure directory is called ‘The Member Zone Name’, this will be displayed when the pop-up login prompt appears.  and finally the fourth line specifies that we require valid login credentials, this line can also be used to specify a specific username, e.g. ‘require user username’ would require the username ‘username’.

.htpasswd should be located in /path/to/password/file/ directory. This directory should be the root or a non publically accessible directory.  In Apache server, The directory can be your html root directory. But the best results is to place .htpasswd file into your root directory which is in the same directory of your public_html directory.  All the directory must be  a full/absolute server path.  If you donot know where the directory is located within full path, you can do a phpinfo() and find the DOCUMENT_ROOT value.

The .htpasswd should include following:


The Username and Password can be created in a lot of “htaccess password generator” tools. Please check

The cpanel and plesk control panel can do directory protection

You donot need upload any htaccess file and htpasswd file into your directory. In cpanel control panel, there is a link “Password Protect Directories”. Click it, and you then click the directory you want to protect.

In the following example, you have password protected the “datacenter” directory. You need check “password protect this directoy” and enter a name for the protected directory. ( It is the line “The Member Zone Name” in your .htaccess file ). The you just need enter your username and password. The cpanel will do all the other procedurs for you.


Password Protect A Single File with a .htaccess file

It should be exactly the same as password protect a directory. The only difference is to list the file name in your .htaccess file. It looks like:

AuthType Basic
AuthName “The Member Zone Name”
AuthUserFile /path/to/password/file/.htpasswd
AuthGroupFile /dev/null
<Files filename>
require valid-user

The filename should be the file you want to password protected.

Related Posts