RJ Wattenhofer

Tech writing, 3D model building and game design.

May 17, 2024

How to Password Protect Directories

Usage of .htpasswd & .htaccess to password protect specific website directories on your server

written by

Creating password protected directories is a fairly straight-forward procedure, which I'll outline here for you step-by-step. First, you need to upload an .htaccess file (if one does not already exist) to the specific directory you want to password protect.

Open up a text editor (MS notepad or otherwise) and place the following commands in the file:

AuthUserFile /home/content/[YOUR_PATH]/.htpasswd
AuthType Basic
AuthGroupFile /dev/null
AuthName "Protected"
Require valid-user

There are many command variables that can be added and the above can be modified for specifics, but for the purposes of this article we will stick with the basics. Make sure to save the file in ANSI encoded format and then upload it to the directory on the server you want to protect. Again, the exact file name should be .htaccess.

Open up a new document in your text editor and place the following code in it:


For example if your user name is blarneystone and your desired password is irisheyes, you would first encrypt the password utilizing any free .htpasswd generator found online. Then you would place the following line of code in the file:


Each user who you want to have access to the protected directory must have their own line added:


The name of this file is .htpasswd. As before, save this file in ANSI encoded format and upload it to a directory that is preferably not web accessible. Absolutely do not place this file in the same directory where your new .htaccess file is located.

Now we must find the absolute path to your .htpasswd file. Open up a new document in the text editor and place the following code in it:

$dir = dirname(__FILE__);
echo "<p>Full path to this dir: " . $dir . "</p>";
echo "<p>Full path to a .htpasswd file in this dir: " . $dir . "/.htpasswd" . "</p>";

Save this file as test.php and upload it to the same directory where your placed the .htpasswd file. Now, paste the path of the new file in your address bar and hit enter. You will receive the following message:

Full path to this dir: /home/content/[YOUR_PATH]

Full path to a .htpasswd file in this dir: /home/content/[YOUR_PATH]/.htpasswd

This is the absolute path to your password file. Open up your .htaccess file and paste the path of the .htpasswd file on the same line where it reads 'AuthUserFile'
(EX: AuthUserFile /home/content/[YOUR_PATH]/.htpasswd)

Open up your browser and go to the directory that is now password protected. You will now have an authorization window pop up asking for a user name and password. If you receive a '500 internal server error' check your .htaccess file for errors. The most likey cause is that you do not have the correct absolute path to the .htpasswd placed in the file.

You may have a sub-directory in the protected directory that you do not want password protected, and would prefer it were accessible to the public. To remedy this situation, create another .htaccess file specifically for this sub-directory with the following commands:

Allow from all
Satisfy Any

This sub-directory is now open to public eyes, while the upper tier directory is not.

~ RJ Wattenhofer, May 11, 2013

bikini atoll 1946 cylidrome arena smart trivia game Cheap Silkroad R Sale Online, Fast And Safe, 24*7 online statis game statis game 02 country tales country tales 02 verdun game verdun game 02 ninja slayer action figure ninja slayer action figure
  • xing social button
  • linkedin social button
  • buffer social button
  • reddit social button
  • stumbleupon social button
  • facebook social button
  • google plus button
  • twitter social button
  • renren social button Renren
  • vkontakte social button Share in VK