Password Protect Directory with .htaccess

Posted by Will on April 18, 2013

Ever wanted to lock down a directory behind a simple user/password system? If your web server is run with Apache, you can password protect a directory quite easily with your .htaccess file.

AuthType Basic
AuthName "Password Protected"
AuthUserFile /var/www/.htpasswd
require valid-user

The important part to note above is AuthUserFile /var/www/.htpasswd. That provides the path to the password file that stores your user name and password. An example .htpasswd file would look like:


For the above particular example, the user name is billybob and the password is temp. You don’t have to use the file name of .htpasswd, it is just a common name as the tool to create the file in apache is called htpasswd. Also keep in mind, to keep things your password file a little extra secure, it is a good idea to store it a folder level above the root of the website you’re hosting.

If you need to generate this file, I’ve created a .htpasswd generator. Generate the user name and password of your choice, and store it in your specified password file. From that point on, your directory should now be password protected. If you need to store multiple user names and passwords, just create new lines in your

Leave a Reply

Your email address will not be published. Required fields are marked *