HomeAfter Sale Support Working with Dynamic Flash Photo Galleries How to protect admin folder with .htaccess

How to protect admin folder with .htaccess


.htaccess can be used to protect folders on your account with a password-encryption. All files and subfolders within a folder protected by .htaccess will also be protected. Thus if you want to protect the whole website you should place .htaccess to public_html or httpdocs folder which is the public folder where your website files and folders are kept. But, if you want to protect only the specific folders, you will need to do that separately for each of the folders.
Note: If you have a Windows-based hosting plan, you cannot use .htaccess files. You can only use the .htaccess protection on the Apache-based Unix/Linux server.


1. Navigate to the folder that you want to protect

In the following example we would like to protect the admin folder of the Dynamic Flash Gallery in the public_html folder.
/users/user1/public_html/admin
Note: You need to keep the full path for the folder that you would like to protect. In our case the full path is  /users/george/public_html/protected .
The remaining steps in this guide assume we are still in this folder.


2. Create a file named .htaccess

Use any text editor up to your choice to create a file called .htaccess (Note: the period at the beginning of the filename. Now, make sure that your text editor did not append a .txt suffix to the file name. (In Windows, you can do this by right-clicking the icon for the text file and selecting "Properties".) If the file name does have a .txt suffix (i.e. '.htpasswd.txt'), remove the suffix by renaming the file.


3. Add the appropriate lines to the .htaccess file.

Using the same text editor (you chose in step 2), input the following.

AuthUserFile /users/george/public_html/admin/.htpasswd
AuthName "Title for Protected Site"
AuthType Basic
Require valid-user

Note:

  1. beside AuthUserFile, you should put the full path, with /.htpasswd immediately following it. The above example shows /users/george/public_html/admin/.htpasswd
  2. beside AuthName, input the words or phrase that you wish to appear as the title for the username/password input box.

4. Create the .htpasswd file by adding users

  1. Open up a text editor on your computer. We recommend that you use Notepad (Windows), SimpleText (Macintosh).
  2. Save the file (in an easy-to-find location) as .htpasswd (including the initial dot).
  3. Now, make sure that your text editor did not append a .txt suffix to the file name. (In Windows, you can do this by right-clicking the icon for the text file and selecting “Properties”.) If the file name does have a .txt suffix (i.e. ‘.htpasswd.txt’), remove the suffix by renaming the file.
  4. Before entering code into your new file, make sure that “Word Wrap” is turned off. (In Notepad, select “Format…” from the top navigation bar and make sure that “Word Wrap” is unchecked.
  5. Begin by selecting the username that you will use to log-in to the protected directory. (Usernames can be between 2 and 16 characters long and should only contain lower-case letters and numbers.)
  6. Type the username into the .htpasswd file followed by a colon. Your file should look like this:

    username:

  7. You’ll now need to encrypt the password that you will use to log-in to the directory. To do this, visit http://users.abac.com/cgi-bin/pass.pl. On this page, enter your password (up to 13 characters) and hit the “Submit” button – the encrypted password will be displayed on the following page.

    Note: The encrypted password will always be 13 characters long, regardless of the actual length of your password.

  8. Copy the encrypted password from the webpage and paste it into your .htpasswd file following the colon. Be sure to remove any spaces that may precede or follow the password. Your file should look like this:

    username:WvePMzyciLRIo

  9. To add additional users, end the current line with a carriage return and repeat steps (5) through (8) above on the next line.
  10. When you’re done adding users, save the file.

5. Set the permissions on your .htaccess and .htpasswd file

Open your FTP and browse to the root directory of your website. This is important: uploading your .htpasswd file to another directory may cause unexpected consequences.
Now set your upload settings to ASCII (Uploading .htpasswd files in ‘binary’ format may have unexpected consequences.) and upload your .htaccess .htpasswd file from your local computer. Be sure not overwrite an existing .htpasswd file – you may lose whatever login information is stored in that file.

Note:
If you have an existing .htpasswd file in your root directory, we suggest that you add the usernames and passwords contained in that file to your new .htpasswd file before uploading it to the web. You can do this by first downloading the old .htpasswd file and copying and pasting its content into your new file.
After the upload is completed, you may need to change the file permissions for the .htaccess and .htpasswd file. They should be set to 644 (using chmod) or RW-R--R--.

How do I remove htaccess protection?

To remove htaccess protection, simply delete or rename the .htaccess file in the admin folder.