MyBestRatedWebHosting's MBRW Second Semi-Annual 2011 Hosting Award has been officially announced! Save yourself time and money by reading our detailed review and learn who received the final award of the industry's best web host!

Secure Password Protection with .htaccess

Secure Password Protection with .htaccess

You may have visited a website or two that requires a username and password to gain access. Of course, if you can’t supply these credentials, you are unable to enter the site. Webmasters do this to add security to their web pages and determine who may obtain access to certain files or aspects of their website. There are a couple of ways to go about password protecting your site. You can use a special program as well as programming languages such as PHP or Javascript. While these methods do work, the most effective way to password protect your site is with a little file known as .htaccess.

Why .htaccess?

.htaccess allows you to protect any web page or directory on the server. You also have the option of password protecting your entire website. So, what makes .htacess so secure? Unlike some other methods, it relies solely on the web server. This means that your usernames and passwords aren’t shared with a browser or stored in HTML code, which is what many programming languages do. The .htaccess file is useful for:

– Preventing access to your website until it is ready to launch

– Preventing access to your site from unauthorized users

– Allowing your customers to access content they paid for with a password

– Creating a private forum where only site members have access

Getting Started

There are several ways to password protect your site with .htaccess. The method discussed in this tutorial calls for you to first do two things: Create a password file where the usernames and passwords will be stored, and create an .htaccess file in the directory you want to protect.
Let’s start with the password file.

– With your favorite text editor, create a text file named “.htpasswd” Take note of the period in front of the filename.

– Use a reliable encryption program to create your password. Cut and paste the lines from the password into the .htpasswd file and save it.

– Upload the .htpasswd file to your server. You want to upload this file to a directory that isn’t live on the web, preferably a secure location such as your home directory. This will prevent someone from going directly to the file.

Creating the .htaccess File

In your favorite text editor, create a text file named “.htaccess”. Next, add the following lines:

AuthUserFile /path/to/htpasswd/file/.htpasswd
AuthGroupFile /dev/null
AuthName “Name of Area”
AuthType Basic
require valid-user

– Note that there should be a line for every user that requires access to the directory.

– Change the “/path/to/htpasswd/file/.htpasswd” part to the full path of the directory where you uploaded the previous file to.

– Change the “Name of Area” part to the name of the area on your site that is being protected. This is basically used when assigning different levels of protection.

– Save the file and upload it to the directory on the server you want to protect.


That’s it. You can test the password by accessing its URL. If it doesn’t work, you may need to encrypt it again via the encryption program. If you still encounter problems, contact your system administrator or web host to ensure that .htaccess support is enabled on the server.

Related Articles

1st April 2009
Posted by Web Hosting Consultant in MBRW cPanel Tutorials

Submit your Review

nine × 8 =