- Web templates
- E-commerce Templates
- CMS & Blog Templates
- Facebook Templates
- Website Builders
How to protect admin folder with .htaccess
November 15, 2010
.htaccess can be used to protect folders on your account with a password-encryption. All files and subfolders within a folder protected by .htaccess will also be protected. Thus if you want to protect the whole website you should place .htaccess to public_html or httpdocs folder which is the public folder where your website files and folders are kept. But, if you want to protect only the specific folders, you will need to do that separately for each of the folders.
Note: If you have a Windows-based hosting plan, you cannot use .htaccess files. You can only use the .htaccess protection on the Apache-based Unix/Linux server.
1. Navigate to the folder that you want to protect
In the following example we would like to protect the admin folder of the Dynamic Flash Gallery in the public_html folder. /users/user1/public_html/admin Note: You need to keep the full path for the folder that you would like to protect. In our case the full path is /users/george/public_html/protected . The remaining steps in this guide assume we are still in this folder.2. Create a file named .htaccess
Use any text editor up to your choice to create a file called .htaccess (Note: the period at the beginning of the filename. Now, make sure that your text editor did not append a .txt suffix to the file name. (In Windows, you can do this by right-clicking the icon for the text file and selecting “Properties”.) If the file name does have a .txt suffix (i.e. ‘.htpasswd.txt’), remove the suffix by renaming the file.3. Add the appropriate lines to the .htaccess file.
Using the same text editor (you chose in step 2), input the following.
AuthUserFile /users/george/public_html/admin/.htpasswd AuthName “Title for Protected Site” AuthType Basic Require valid-userNote:
- beside AuthUserFile, you should put the full path, with /.htpasswd immediately following it. The above example shows /users/george/public_html/admin/.htpasswd
- beside AuthName, input the words or phrase that you wish to appear as the title for the username/password input box.
4. Create the .htpasswd file by adding users
- Open up a text editor on your computer. We recommend that you use Notepad (Windows), SimpleText (Macintosh).
- Save the file (in an easy-to-find location) as .htpasswd (including the initial dot).
- Now, make sure that your text editor did not append a .txt suffix to the file name. (In Windows, you can do this by right-clicking the icon for the text file and selecting “Properties”.) If the file name does have a .txt suffix (i.e. ‘.htpasswd.txt’), remove the suffix by renaming the file.
- Before entering code into your new file, make sure that “Word Wrap” is turned off. (In Notepad, select “Format…” from the top navigation bar and make sure that “Word Wrap” is unchecked.
- Begin by selecting the username that you will use to log-in to the protected directory. (Usernames can be between 2 and 16 characters long and should only contain lower-case letters and numbers.)
- Type the username into the .htpasswd file followed by a colon. Your file should look like this: username:
- You’ll now need to encrypt the password that you will use to log-in to the directory. To do this, visit http://users.abac.com/cgi-bin/pass.pl. On this page, enter your password (up to 13 characters) and hit the “Submit” button – the encrypted password will be displayed on the following page.Note: The encrypted password will always be 13 characters long, regardless of the actual length of your password.
- Copy the encrypted password from the webpage and paste it into your .htpasswd file following the colon. Be sure to remove any spaces that may precede or follow the password. Your file should look like this:username:WvePMzyciLRIo
- To add additional users, end the current line with a carriage return and repeat steps (5) through (8) above on the next line.
- When you’re done adding users, save the file.