Password Protection using htaccess
The .htaccess File
Adding password protection to a directory using .htaccess takes two stages. The first part is to add the appropriate lines to your .htaccess file in the directory you would like to protect. Everything below this directory will be password protected:
AuthName "Section Name" AuthType Basic AuthUserFile /full/path/to/.htpasswd Require valid-user
There are a few parts of this which you will need to change for your site. You should replace “Section Name” with the name of the part of the site you are protecting e.g. “Members Area”.
The /full/parth/to/.htpasswd should be changed to reflect the full server path to the .htpasswd file (more on this later). If you do not know what the full path to your webspace is, check your Bluehost cPanel. Look on the left “stats” column of the cPanel.
The .htpasswd File
Password protecting a directory takes a little more work than any of the other .htaccess functions because you must also create a file to contain the usernames and passwords which are allowed to access the site. These should be placed in a file which (by default) should be called .htpasswd. Like the .htaccess file, this is a file with no name and an 8 letter extension. This can be placed anywhere within you website (as the passwords are encrypted) but it is advisable to store it outside the web root (in your home directory) so that it is impossible to access it from the web.
Entering Usernames And Passwords
Once you have created your .htpasswd file (you can do this in a standard text editor) you must enter the usernames and passwords to access the site. They should be entered as follows:
where the password is the encrypted format of the password. To encrypt the password you will either need to use one of the pre-made scripts available on the web or write your own. There is a good username/password service at the KxS site (http://www.kxs.net/support/htaccess_pw.html) which will allow you to enter the user name and password and will output it in the correct format.
For multiple users, just add extra lines to your .htpasswd file in the same format as the first. There are even scripts available for free which will manage the .htpasswd file and will allow automatic adding/removing of users etc.
Accessing The Site
When you try to access a site which has been protected by .htaccess your browser will pop up a standard username/password dialog box. If you don’t like this, there are certain scripts available which allow you to embed a username/password box in a website to do the authentication. You can also send the username and password (unencrypted) in the URL as follows:
Note: .htaccess is one of the most useful files a webmaster can use. There are a wide variety of different uses for it which can save time and increase security on your website.
If you wanted to password protect a specific page only, you can try this as your htaccess coding :
AuthName “Secret Place”
You can protect the actual .htaccess file from being viewed by visitors by using this code :
deny from all
Some Examples :
Password for a directory:
AuthName "Private zone"
AuthName will be displayed for the user and can be used to explain authentication request. The value of
AuthUserFile defines the location where the file with passwords for accessing this directory is stored. This file is created by a special tool named htpasswd.exe or more convenient and flexible program Htpasswd Generator.
For example, we create the following .htaccess file in the protected directory:
AuthName "For Registered Users Only"
In this example, the user requesting this directory will read the message “For Registered Users Only”, the file with passwords for access must be stored in the directory /pub/site.com/ and it must be named .htpasswd . The directory is specified from the server root. If you specify the directory incorrectly, Apache will not be able to read the .htpasswd file and nobody will get access to this directory.
Password for one file only:
Similar to protecting a whole directory with a password, you can set a password for one file only. An example of setting a password to the file private.zip:
AuthName "Users zone"
Password for a group of files:
Similarly, you can use
<Files ~ "\.(inc|sql|...other_extensions...)$"> to set password for files by mask. An example of setting a password for accessing all files with the “sql” extension:
<Files ~ "\.(sql)$">
AuthName "Users zone"