How do I password protect part of my site?

Post Reply
User avatar
Nick|NFo
Former staff
Former staff
Posts: 2252
Joined: Sun Mar 30, 2003 1:56 pm
Location: 127.0.0.1

How do I password protect part of my site?

Post by Nick|NFo » Sat Mar 01, 2008 1:14 pm

You will need to create two files in the directory you want to protect (all subdirectories will then be protected as well): one called .htaccess, and another called .htpasswd. Because these files start with a period, you will not be able to see them in your FTP folder after you upload them, so make sure to keep a copy of both on your personal machine!

Start by opening Notepad and pasting this into the blank document:

Code: Select all

# Access file
order allow,deny
allow from all
require valid-user
Authname "DirectoryName"
Authtype Basic
AuthUserFile /usr/www/USERNAME/DIRECTORY_TO_PROTECT/.htpasswd
USERNAME represents the username for your FTP. DIRECTORY_TO_PROTECT represents the subdirectory you are protecting with a password, and where you will be uploading .htaccess and .htpasswd to.

Save that to your hard drive under the name ".htaccess" (no quotes).

Next, open up Notepad again with a new document. For each person you want to have access to your password-protected directory, you must add the following line:

LOGIN_NAME:HASHED_PASSWORD

LOGIN_NAME represents the name they will use to login, such as "Bob". HASHED_PASSWORD is the password you want them to have, which has been run through a special filter to change it to a different form. To apply the filter, visit this page and type in the password to give them: https://www.nfoservers.com/passcreator.pl. It will output what the password hashes to; copy that string (everything after the colon on the first line, including any periods or other odd characters) into Notepad as HASHED_PASSWORD.

After you've added all the users and their passwords, save that file to your hard drive as ".htpasswd" (no quotes).

Then, simply upload .htpasswd and .htaccess into SUBDIRECTORY_TO_PROTECT on your free webspace. That directory and all subdirectories will be instantly password-protected!
-Nick

Post Reply