You can secure (a directory on) your website behind a log in prompt with the aid of a .htaccess and a .htpasswd file. In this article we will give you a step-by-step explanation on how to make (a part of) your website only accessible to users that have the required credentials.
Create a .htpasswd file
In the .htpasswd file you enter the user name(s) and encrypted password(s) that are required to log on to (a specific part of) your website. Next, using SFTP, you upload the .htpasswd file to the directory of your website you want to secure.
If you want to secure your root website (like transiptutorials.com), simply add the files we mention below in the root directory 'www'.
Visit our .htpasswd generator and enter a username and password you want to secure the directory on your website with. Next, click 'Generate'.
In the image above you can see we used the username 'User1' and a password with 8 characters. After clicking the 'Generate' button, our password is encrypted and is shown in the grey box. Save the encrypted password and head over to Step 2.
Now open a text file and enter the encrypted password you saved in Step 1. Save the text file with the name '.htpasswd' (the dot is not a typo). Make sure to select 'All files' next to 'Save as type'.
Now log on to your control panel and head over to the tab 'Domains & Hosting' at the top of the page. Click on the cog wheel next to 'Your website', followed by 'SFTP filemanagement'.
Now navigate to the directory you want to secure and upload the .htpasswd file. Use the tutorial 'Using SFTP filemanagement in your control panel' for more information.
In our example below you can see we want to secure the directory 'images' which is located in the root directory 'www'.
Create a .htaccess file
Now you've established which directory to secure, it's time to enable the actual password protection on this directory. We do this with the help of a .htaccess file.
Open another text file and enter the following lines:
AuthName "Secured area" AuthUserFile /path/to/your/dir/.htpasswd AuthGroupFile /dev/null AuthType Basic require valid-user
It's important to enter the absolute path of your directory next to 'AuthUserFile'. We're using the directory 'images' in our example, which results in the following absolute path:
Replace transiptutorials.com with your own domain name and the directory 'images' with your own directory.
Now save the text file as '.htaccess'. Make sure you select 'All files' next to 'Save as type'.
Now head back to 'SFTP filemanagement' in your control panel. Navigate to the directory you want to secure and upload the .htaccess file here.
The next time you visit the secured directory, you will see a log in prompt. This page (and all its subdirectories) will only be accessible when the corresponding username and password are entered.
Take note: You need to enter the username and password you entered in the htpasswd generator. You do not enter the encrypted password here.
In order to grant access to multiple users, simply create additional users and passwords in the htpasswd generator. Enter the encrypted passwords in seperate lines, as shown in the example below.
Now save the .htpasswd file and upload it to the directory again using 'SFTP filemanagement'.
This tutorial showed you how to secure directories of your website using .htpasswd and .htaccess files.
If you have any questions regarding this article, please contact our support team. You can reach them using the 'Contact us' button below or via the 'Contact' button inside your control panel.
If you wish to discuss this article with other users, feel free to leave a comment below.