.htaccess (hypertext access) is the default name for directory-level configuration files. A .htaccess file is placed in a directory, and it is applied to that directory, and all subdirectories. It provides the ability to customize configuration for requests to the particular directory.
Thus, .htaccess files are often used to for security restrictions on a particular directory. The .htaccess file is often accompanied by an .htpasswd file which stores valid usernames and its passwords. The steps for this security methods are:
- Creating the password file. First create a simple text file that will store your username and password. It will be separated by a colon (
:
). The password must be encrypted. You can use many free web-based tools that will encrypt the password, like 4WebHelp’s tool. Save the username and password generated to a file called.htpasswd using text editor like notepad.
- Upload this file to your website outside the Web root of your site, so that public are not able to view the file. For example, place it above your
public_html
folder. - Create a file with the name .htaccess, which will use the .htpasswd to protect your page(s) or website. Put the following code in the file:AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName “My Secret Folder”
Require valid-user/full/path/to/.htpasswd must be the full path to the
.htpasswd
file that you uploaded earlier – for example,/home/username/.htpasswd
. (If you’re not sure the full path to your website, ask your Web hosting company.)