Password Protection Using .htaccess
There are several ways to protect files and folders on your website from unauthorized users. For example, you can use PHP (or another server-side programming language) to ask for login and password information on each page. Apache Web Server also allows you to password-protect individual files, folders, or your entire site in an easy and reliable way. In this article, I will show you how to protect your files using .htaccess.
When to protect a file/folder?
There are many situations that will lead you to protect specific parts or sections of your website, for example:
- You’re building a new website, but you only want yourself (and maybe your client) to be able to view the work-in-progress.
- Your website has some paid content that only subscribers should be able to access.
- Your website contains an area that you never want the general public to have access to – for example, your web stats or private pages.
In order to protect a file/folder by using this method, you will need two files: .htaccess and .htpasswd. Now let’s see how it works.
.htaccess File
AuthType Basic
AuthName "The Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
The AuthUserFile directive tells the web server where the .htpasswd file, which contains the list of all valid users, is located.
.htpasswd File
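thebigboss:$apr1$2O.UM/..$Onwuzv311CRytNyAUysYL.
samuelljackson:$apr1$hE/XM/..$99rODul5uFkQgn9vbEosb1
The .htpasswd file contains the usernames and passwords of the users, one entry per line in the form username:hash. The passwords are not stored in plain text: they are hashed (“encrypted”) with Apache's salted MD5-based scheme, which is what the $apr1$ prefix identifies.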
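As an added example (not code from the original article), this Python sketch audits an .htaccess/.htpasswd pair like the one above: it checks that the required directives are present, that the password file does not sit inside the web-served tree, and which hash scheme each entry uses. The document root passed to audit() and all function names are assumptions, and only absolute AuthUserFile paths are checked.

```python
import re
from pathlib import PurePosixPath

# Constructed sample input: the directives and entries shown in this article.
HTACCESS = """AuthType Basic
AuthName "The Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
"""
HTPASSWD = """thebigboss:$apr1$2O.UM/..$Onwuzv311CRytNyAUysYL.
samuelljackson:$apr1$hE/XM/..$99rODul5uFkQgn9vbEosb1
"""
# Prefix patterns for the password formats Apache accepts in .htpasswd.
# The 13-character crypt() test is a heuristic, not a guarantee.
SCHEMES = [(r"\$apr1\$", "apr1-md5"), (r"\$2[aby]\$", "bcrypt"),
           (r"\{SHA\}", "sha1-unsalted"), (r"[./0-9A-Za-z]{13}\Z", "crypt")]
ACCEPTED = {"apr1-md5", "bcrypt"}  # assumption: policy choice for this sketch

def parse_htaccess(text):
    """Return {directive (lowercased): argument} for one-line directives."""
    out = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            out[parts[0].lower()] = parts[1].strip('"') if len(parts) > 1 else ""
    return out

def hash_scheme(field):
    """Classify the password field of one .htpasswd entry by its prefix."""
    for pattern, name in SCHEMES:
        if re.match(pattern, field):
            return name
    return "plaintext-or-unknown"

def audit(htaccess, htpasswd, docroot):
    """Return a list of findings; an empty list means nothing was flagged."""
    d, findings = parse_htaccess(htaccess), []
    if d.get("authtype", "").lower() != "basic":
        findings.append("AuthType is not Basic")
    if "require" not in d:
        findings.append("no Require directive, so no login is demanded")
    userfile = d.get("authuserfile", "")
    if not userfile:
        findings.append("AuthUserFile is missing")
    elif PurePosixPath(docroot) in PurePosixPath(userfile).parents:
        findings.append("AuthUserFile is inside the document root")
    for line in filter(None, htpasswd.splitlines()):
        user, _, field = line.partition(":")
        if hash_scheme(field) not in ACCEPTED:
            findings.append(f"{user}: weak scheme {hash_scheme(field)}")
    return findings
```

Calling audit(HTACCESS, HTPASSWD, "/var/www/html") on the article's own files returns an empty list; moving the password file under the document root or dropping the Require line produces findings.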
Very useful post.
Thanks
Bruno