You can easily password protect a directory with htaccess. This is a very practical method if you want an easy way to secure a directory on an Apache web server to keep public visitors out.

First, you will need a .htaccess file in the directory you wish to secure. The parameters for this .htaccess file are as follows:

AuthName "Please Login"
AuthType Basic
AuthUserFile /FullPathTo/.htpasswd
require valid-user


In the above example replace ‘FullPathTo‘ with the full path on the server to the .htpasswd file (which we will cover next). It is extremely important to note that this file should be placed outside your main web root folder (so that it is not accessible through the web just by FTP).

Second, you will need to create the .htpasswd file and place it in another area on the server only accessible by FTP. Here is the syntax for this file:



In this file each login should be on a separate line, the above example only has one login and therefore only 1 line in the .htpasswd file. It is very important that you do not store your password(s) in plain text for security reasons. The password(s) that you use should be MD5’d. You can use a number of free online MD5 hash generators for this.

Once these two files are created and uploaded to your server, the directly that the .htaccess file is in will now be secure.