Password protecting a directory with htaccess and htpasswd

Password protecting a web directory can help make a directory private and only accessible to one or several persons that have the username(s) and password(s).

AuthUserFile /home/linuxuser/.htpasswd
AuthType Basic
AuthName “Tech and Dev Example”
Require valid-user

AuthUserFile: this is the path of the .htpasswd file where the username and password will be stored. The file can be located anywhere, but ideally, it’s better if it’s placed in a non public directory where users can’t access it from the web.

AuthType: should be Basic

AuthName: The title of the window that will be authenticating the user. For example if you’re password protecting your private files, you might want to change this to “My Private Files”.

This is the file where the username and password are stored.

This file is usually called htpasswd (by convention if you want), however you can rename this file to anything you want. Many applications use their appname followed by htpasswd, for example .awstats-htpasswd

It’s always a better idea to keep this file outside of the public folder (www or public_html…)

Assuming you want the username to be username and the password to be password, write the following command in SSH:

Then inside the htpasswd file write the output value from the SSH (the password might be different since everytime a different salt value is used):

You can add as many usernames and passwords as you like, for example:

To understand more on how the password is generated and encrypted, you can check my previous post: Understanding the encryption process in htpasswd file.

To generate a username/password, you can check our online Encryption Tools.