One of the most frequent question we receive by email is on the subject of password-protecting a directory on one's server. This can easily be accomplished using a file called .htaccess.
If you've ever come across the dialog box (or window, as some would prefer to call it) shown below in any of the web sites you've visited, then you have accessed an .htaccess-protected directory.
In order to properly implement an .htaccess file on your server, you need to have telnet access. If you do not have telnet access, there are some password protection scripts listed in our index that may be useful to you. But for purposes of this tutorial, we are assuming you have one - telnet access, that is.
Step 1: Login to your server.
So, the first step to this tutorial is to start a telnet session to your server. Once you have successfully logged in, change directory and proceed to the path you would like to password-protect. For example, if you want to password-protect a directory named members_only, type this at the telnet prompt:
Note that the actual path will depend on your own server. The above is only an example.
Step 2: Create the .htaccess file.
The next step is to invoke the text editor so you can type in all the information required in your .htaccess file. If you have the "pico" text editor installed on your server, simply type:
at the telnet prompt. Doing so will open a file named (you guessed it) ".htaccess" in the text editing program. You can then input the following:
AuthName Members Only Area
<Limit GET POST>
require user bob
The first line - AuthUserFile - indicates the location of the username/password file (see Step 3). We are also assigning permission to a user named bob (as shown in the example) by adding his username and password in the AuthUserFile.
Step 3: Create the password file.
OK, so you're done creating the .htaccess file. The next step is to specify who will be allowed to enter the password-protected directory. This is done by creating another text file - the one pointed to in the first line of your .htaccess file - AuthUserFile. We will now enter bob's name and password. On the telnet prompt, type:
htpasswd -c .htpasswd bob
The -c switch in the command creates the file named .htpasswd and subsequently prompts you for a password you wish to assign the username bob. So enter your password for bob. If you open your .htpasswd file with a text editor, the contents will look something like this:
where bob is the username and the characters after the colon is the encrypted password.
Step 4 - Adding another user.
If you want to add another user, say for example, joe, all you have to do is invoke again the htpasswd command at the telnet prompt. Type:
htpasswd .htpasswd joe
Notice that there is no -c this time because the file is already existing. Again, you will be prompted to enter a password for joe. Simply go ahead and enter it. Your password file should look something like this now:
That's it for this segment. If you want to know how to use the same method for groups of users as opposed to individual users, simply proceed to the next .htaccess tutorial.
Back to Tips and Tutorials