How to password protect a directory with .htaccess

The first thing you must do is to create a .htaccess file inside the directory that you want to protect. Then the server will firstly check this file before allowing access to the directory. The file must contain these lines:

AuthUserFile /path_to_htpasswd/.htpasswd 
AuthName "Please login" 
AuthType Basic

The first line defines the absolute path to the .htpasswd file. The .htpasswd file holds all the usernames and encrypted passwords of users allowed to have access to protected directories in your website. We will create this file in step 2.

The second line defines the message that will be displayed when someone tries to access the directory.

The third line is the type of user authentication.

It is very important that this file is placed outside of the website root. Inside the file you must create users with this format:


For example:


You can create as many users as you like, each one on a different line. You can easily generate encrypted passwords with this tool.

Now that you have created the users file, add this line to the directory .htaccess file:

require valid-user

if you want to grant access to all users in the list or

require user minitek

if you want to grant access only to the user with the username minitek.

Subscribe to our Blog
Subscribe to this content and receive updates directly in your inbox.

This website uses cookies so that we can provide you with the best user experience. By clicking "continue" you agree to cookies being used in accordance with our Cookies Policy.