This document is for those that do not have a Hosting Control panel on their server. If you do have a Hosting Control panel, please see your Hosting Control Panel's Documentation on creating Protected Folders, or .htaccess protected folders.
To add password protection to your pages from the shell (No hosting control panel), you need to do the following two things:
- Create a text file on your server that will store your username and password.
- Create a special file called .htaccess in the folder you want to protect.
Creating the Password File
You can encrypt your password and add it to your password file in one go by using the htpasswd utility that comes with Apache. Simply SSH to your server or open up a terminal window on your local machine, cd to the folder where you want to create your password file, and type:
htpasswd -c .htpasswd myuser
(where myuser is the username you want to use). You'll be prompted to enter and retype your password, then the .htpasswd file will be created for you.
Creating the .htaccess file
Now that you have created and uploaded your password file, you need to tell Apache to use it to protect your page(s) or site. This is what your .htaccess file will do.
Open your text editor again, create a new file, and save it as .htaccess
Protecting a folder
To password protect a folder on your site, you need to put the following code in your .htaccess file:
AuthUserFile /full/path/to/.htpasswd AuthType Basic AuthName "My Secret Folder" Require valid-user
/full/path/to/.htpasswd should be the full path to the .htpasswd file that you uploaded earlier. The full path is the path to the file from the Web server's volume root - for example, /home/username/.htpasswd or C:\wwwroot\username\.htpasswd
The above .htaccess file will password protect all files in the folder that it is placed in, and all sub-folders under that folder too.
Upload the .htaccess file you created (If you created it locally instead of on the webserver) to the folder's you wish to protect.