{"id":68,"date":"2012-09-16T16:41:00","date_gmt":"2012-09-16T16:41:00","guid":{"rendered":"https:\/\/www.tech-and-dev.com\/blog\/2012\/09\/16\/password-protecting-a-directory-with-htaccess-and-htpasswd\/"},"modified":"2021-02-22T01:01:00","modified_gmt":"2021-02-22T01:01:00","slug":"rotecting-directory-or-subdirectory-with-htaccess-htpasswd","status":"publish","type":"post","link":"https:\/\/www.tech-and-dev.com\/blog\/2012\/09\/rotecting-directory-or-subdirectory-with-htaccess-htpasswd.html","title":{"rendered":"Password protecting a directory with htaccess and htpasswd"},"content":{"rendered":"

Password Protecting a web directory with htaccess<\/h3>\n
Password protecting a web directory can help make a directory private and only accessible to one or several persons that have the username(s) and password(s).<\/div>\n
\"htaccess\"<\/a><\/div>\n

 <\/p>\n

How to password protect a directory?<\/h3>\n

htaccess <\/span><\/h4>\n
    \n
  1. Go to the directory you want protected.<\/li>\n
  2. Check if you have a .htaccess<\/b> file.<\/li>\n
  3. If a htaccess file is available, you have to edit it, otherwise create a new .htaccess<\/b> file.<\/li>\n
  4. Add the following to the htaccess file:<\/li>\n<\/ol>\n
    \n
    \n
    AuthUserFile \/home\/linuxuser\/.htpasswd<\/span>
    \nAuthType Basic<\/span>
    \nAuthName “Tech and Dev Example”<\/span>
    \nRequire valid-user<\/span><\/div>\n<\/blockquote>\n

    AuthUserFile:<\/b> this is the path of the .htpasswd file where the username and password will be stored. The file can be located anywhere, but ideally, it’s better if it’s placed in a non public directory where users can’t access it from the web.<\/p>\n

    AuthType:<\/b> should be Basic<\/b><\/p>\n

    AuthName:<\/b> The title of the window that will be authenticating the user. For example if you’re password protecting your private files, you might want to change this to “My Private Files”.<\/p><\/blockquote>\n<\/div>\n

     <\/p>\n

    htpasswd<\/span><\/h4>\n
    This is the file where the username and password are stored.<\/div>\n
    This file is usually called htpasswd (by convention if you want), however you can rename this file to anything you want. Many applications use their appname followed by htpasswd, for example .awstats-htpasswd<\/i><\/div>\n
    It’s always a better idea to keep this file outside of the public folder (www or public_html…)<\/div>\n
    <\/div>\n
    Assuming you want the username to be username<\/i> and the password to be password<\/i>, write the following command in SSH:<\/div>\n
    \n
    #htpasswd -nb username password<\/span><\/div>\n<\/blockquote>\n
    Then inside the htpasswd file write the output value from the SSH (the password might be different since everytime a different salt value is used):<\/div>\n
    username:60lwxfC9Ln84g<\/i><\/div>\n
    <\/div>\n
    You can add as many usernames and passwords as you like, for example:<\/div>\n
    username:60lwxfC9Ln84g
    \nusername2:30dJVEURUeYJc<\/i><\/div>\n

     <\/p>\n

    How is the password getting encrypted?<\/h3>\n
    To understand more on how the password is generated and encrypted, you can check my previous post: Understanding the encryption process in htpasswd file.<\/a><\/div>\n
    <\/div>\n
    To generate a username\/password, you can check our online Encryption Tools<\/a>.<\/div>\n

     <\/p>\n

    Example<\/h3>\n

    http:\/\/lab.tech-and-dev.com\/protecteddir\/<\/a>
    \nUsername: username<\/i>
    \nPassword: password<\/i>
    \nor
    \nUsername: username2<\/i>
    \nPassword: password2<\/i><\/p>\n

    Any questions or suggestions? Please leave a comment below!<\/p>\n

     <\/p>\n","protected":false},"excerpt":{"rendered":"

    Password Protecting a web directory with htaccess Password protecting a web directory can help make a directory private and only accessible to one or several persons that have the username(s) and password(s).   How to password protect a directory? htaccess Go to the directory you want protected. Check if you have a .htaccess file. If […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[83,84,40,85,6,28,31,7],"tags":[],"class_list":["post-68","post","type-post","status-publish","format-standard","hentry","category-encryption-tools","category-ftp","category-htaccess","category-htpasswd","category-linux","category-security","category-server","category-ssh"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/68","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/comments?post=68"}],"version-history":[{"count":1,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/68\/revisions"}],"predecessor-version":[{"id":212,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/68\/revisions\/212"}],"wp:attachment":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/media?parent=68"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/categories?post=68"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/tags?post=68"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}