can be used to protect folders on your account with a password-encryption. All files and
subfolders within a folder protected by
will also be protected. Thus if you want to protect the whole website you should
folder which is the public folder where your website files and folders
are kept. But, if you want to protect only the specific folders, you will need to do that
separately for each of the folders.
If you have a Windows-based hosting plan, you cannot use .htaccess files.
You can only use the .htaccess protection on the Apache-based Unix/Linux server.
1. Navigate to the folder that you want to protect
In the following example we would like to protect the
admin folder of the
Dynamic Flash Gallery
Note: You need to keep the full path for the folder that
you would like to protect. In our case the full path is
The remaining steps in this guide assume we are still in this folder.
2. Create a file named .htaccess
Use any text editor up to your choice to create a file called
.htaccess (Note: the period at the beginning of the filename. Now, make sure that your
text editor did not append a .txt suffix to the file name. (In Windows, you can do this by
right-clicking the icon for the text file and selecting "Properties".) If the file name does have a
.txt suffix (i.e. '.htpasswd.txt'), remove the suffix by renaming the file.
3. Add the appropriate lines to the
Using the same text editor (you chose in step 2), input the
AuthName "Title for Protected Site"
AuthUserFile, you should put the full path, with
/.htpasswd immediately following it. The above example shows
AuthName, input the words or phrase that you wish to appear as the title for the
username/password input box.
4. Create the
.htpasswd file by adding users
- Open up a text editor on your computer. We recommend that you use Notepad (Windows), SimpleText
- Save the file (in an easy-to-find location) as .htpasswd (including the initial dot).
- Now, make sure that your text editor did not append a .txt suffix to the file name. (In
Windows, you can do this by right-clicking the icon for the text file and selecting “Properties”.)
If the file name does have a .txt suffix (i.e. ‘.htpasswd.txt’), remove the suffix by renaming the
- Before entering code into your new file, make sure that “Word Wrap” is turned off. (In Notepad,
select “Format…” from the top navigation bar and make sure that “Word Wrap” is unchecked.
- Begin by selecting the username that you will use to log-in to the protected directory.
(Usernames can be between 2 and 16 characters long and should only contain lower-case letters and
- Type the username into the .htpasswd file followed by a colon. Your file should look like this:
- You’ll now need to encrypt the password that you will use to log-in to the directory. To do
http://users.abac.com/cgi-bin/pass.pl. On this page, enter your password (up to
13 characters) and hit the “Submit” button – the encrypted password will be displayed on the
Note: The encrypted password will always be 13 characters long, regardless of the actual
length of your password.
- Copy the encrypted password from the webpage and paste it into your .htpasswd file following
the colon. Be sure to remove any spaces that may precede or follow the password. Your file should
look like this:
- To add additional users, end the current line with a carriage return and repeat
steps (5) through
(8) above on the next line.
- When you’re done adding users, save the file.
5. Set the permissions on your .htaccess and .htpasswd file
Open your FTP and browse to the root directory of your website. This is important: uploading
.htpasswd file to another directory may cause unexpected consequences.
Now set your upload settings to ASCII (Uploading
.htpasswd files in ‘binary’ format may have unexpected consequences.) and upload your
.htaccess .htpasswd file from your local computer. Be sure
not overwrite an existing
.htpasswd file – you may lose whatever login information is stored in that file.
If you have an existing
.htpasswd file in your root directory, we suggest that you add the usernames and passwords
contained in that file to your new
.htpasswd file before uploading it to the web. You can do this by first downloading the
.htpasswd file and copying and pasting its content into your new file.
After the upload is completed, you may need to change the file permissions for the
.htpasswd file. They should be set to 644 (using chmod) or RW-R--R--.
How do I remove htaccess protection?
To remove htaccess protection, simply delete or rename the
.htaccess file in the