.htaccess Authentication Tutorial

This tutorial describes how to password protect a part of your website using basic .htaccess authentication

Follow these steps to complete the tutorial:

NOTE: This method is NOT recommended if you use FrontPage Extensions. Using this .htaccess authentication method may break your FrontPage installation.

1. Choose a folder/directory that you want to protect. This should be a directory that is in the "html" directory of your web space. An example would be html/secret/ .

2. A '.htaccess' file is a per-directory configuration file for your website. One of the many configuration settings you can use with '.htaccess' files is basic authentication, which is what we're discussing here.

   Create a new text file. Enter the following into this file:

   • AuthName "NAME FOR THIS PROTECTED SECTION"
   • AuthType Basic
   • AuthUserFile /path/to/htpasswd/file/.htpasswd
   • Require valid-user

   Make sure you change the parts in CAPS. For example, if your domain was 'johnsmith.com', your .htaccess file might look like this:

   • AuthName "Private Section"
   • AuthType Basic
   • AuthUserFile /home/johnsmit/johnsmith.com/.htpasswd
   • Require valid-user

   This file must be named '.htaccess' (notice the leading dot/period). Save the file and upload it with your FTP client to the location in your web hosting account that you decided in step #1.

3. The .htpasswd file is the place that valid user names and their encrypted passwords are stored. It is a ordinary text file, each line of the file represents a user that can access your protected area. Each line of the .htpasswd must have the following format:

   • user_name:encrypted_password

   An example .htpasswd file might look like this:

   • john:$1$8pDBN9X7$79EKQH.7WMF71PuaUapX./
   • mary:$1$uRlDZ4pV$v8cKwzTdG08ElNMONB1ql.

   This file means that two users have access to the protected area. The users' names are "john" and "mary". The apparently random characters following the colon after each name are the users' encrypted passwords.

   To encrypt a password for use in the .htpasswd file, go to http://nexcess.net/crypt.php and enter the password you wish to encrypt.

   Create a text file called .htpasswd (notice the leading dot), add the valid users and their encrypted passwords to the file as described above. Upload the .htpasswd file to your FTP web hosting account, not into your 'html' directory but rather into your initial (root) directory once you login. This should be 1 level above the 'html' directory.

   NOTE: If you receive an error when trying to upload the .htpasswd file, open a support ticket and we will fix the problem.

4. Create a file that you want to protect (for example, "topsecret.html"). Upload it to protected directory web hosting account, then browse to the file using a web browser (for example, http://johnsmith.com/secret/topsecret.html). If you uploaded the .htaccess file correctly, you should see a dialog that looks something like this:

   

   Enter the user name and password that you set up in step #3. If you uploaded the .htpasswd file correctly, you should see the contents of your protected file (in this example, the contents of topsecret.html).

   Congratulations, you're done! You can now password protect directories using .htaccess.

   Back to web hosting tutorials page