In this tutorial we will explain how to password protect a directory of files on your webserver using htaccess files.

First, we create a new directory on our webserver and move our sensitive files to this directory. For the sake of this tutorial, we will refer to this new directory as my_private_files.

Second, we create a .htpasswd file, like the following:

Here, admin is the username and goldman is the password. In some cases, especially when using htaccess on linux webservers, we need to make sure that we encrypt the password instead of having it in plain text. If htaccess doesn't work with cleartext, then encrypt the password. We recommend you use this online tool to retreive your encrypted password. Using this tool our example above becomes:

You can download our .htpasswd example here.

Third, we create a .htaccess file, like the following:

Here, "/home/john/public_html/.htpasswd", must be the full path (not the web path) to our htpasswd file.
You can download our .htaccess example here.

Note: This step is usually only needed when you maintain your own webserver. If you have an account with a hosting company then you can most likely skip this step.

There are various ways of modifying Apache, however we recommend the following. In the appropriate VirtualHost entry in httpd.conf, add the following:

Where "/home/john/public_html" is the document root directory of your hosting account. After modifying httpd.conf, restart Apache.