Password protection with htaccess- A Comprehensive guide to htaccess
The first thing you will need to do is create a file called .htpasswd. In the htpasswd file, you place the username and password (which is encrypted) for those whom you want to have access.
For example, a username and password of John and the htpasswd file would look like this:
For security, you should not upload the htpasswd file to a directory that is web accessible (yoursite.com/.htpasswd), it should be placed above your www root directory. You’ll be specifying the location to it later on, so be sure you know where you put it.
Create a new htaccess file and place the following code in it:
AuthUserFile /usr/local/you/safedir/.htpasswd AuthGroupFile /dev/null AuthName EnterPassword AuthType Basic require user john
The first line is the full server path to your htpasswd file. Please note that if you place this htaccess file in your root directory, it will password protect your entire site, which probably isn’t your exact goal. So keep this htaccess file in the directory which you want to protect.
The second to last line require user is where you enter the username of those who you want to have access to that portion of your site. Note that using this will allow only that specific user to be able to access that directory. This applies if you had an htpasswd file that had multiple users setup in it and you wanted each one to have access to an individual directory. If you wanted the entire list of users to have access to that directory, you would replace Require user xxx with require valid-user.
The AuthName is the name of the area you want to access. It could anything, such as “EnterPassword”. You can change the name of this ‘realm’ to whatever you want, within reason.
We are using AuthType Basic because we are using basic HTTP authentication.
Thats ALL———— 🙂