.htaccess password protection

The following tutorial gives you step by step instruction on how to password protect your website directory with .htaccess.

There are three simple files involved: .htaccess, .htgroup and .htpasswd all you have to do is make them and ftp them up to your webserver. You put the .htaccess in the directory that you want to protect the other two files go in a directory not visible to anyone but you, get the path right or nothing will work. If your ftp login is elvis the path of your directory looks like this: /home/elvis/www/index.html. Make sure you use an ordinary text editor like windows notepad or simple text for the Mac.

Step 1: MAKE A .htaccess FILE

It should look like this. The first two lines tell where .htpasswd and .htgroup are located and the third line is the title that will be in the password box that pops up to prompt users for their login, user-list is just the name of the group that has access its just a generic term.

AuthUserFile /home/elvis/.htpasswd
AuthGroupFile /home/elvis/.htgroup
AuthName Graceland_Visitors
AuthType Basic

require group user-list

Save this file, call it .htaccess and then ftp it up to the directory that you want to protect.

Step 2: MAKE A .htgroup FILE

This file tells who is in the group “user-list” the syntax is simple user-list: with a space between each of the user’s names.

user-list: john joe dick harry jane spot ryan manos

Save this file, call it .htgroup and ftp it up to the /home/elvis directory.

Step 3: MAKE A .htpasswd FILE

All of the passwords are encrypted so you have to use a program called htpasswd to generate them. There are two ways to do this, one if you have a shell and know how to use it your can telnet to inch.com, login and do the deed from your shell account by typing: htpasswd -c .htpasswd username to create the file and add “username” as the first user. The program will prompt you for a password, then verify by asking again. You will not see the password when entering it here but it will appear in this syntax in the .htpasswd file and your will not have to use the -c flag when writing subsequent passwords since that creates the file .htpasswd, you can now ftp it up to the /home/elvis directory.

If all this was gibberish to you proceed directly to STEP 4.

manos:jEYnEJ3lX3j0Y elvis:MpU4S/Lvr8KlE


Do it the easy way using the Inch Password Generator. Go to the password generator page and use it to make as many passwords as you need then cut and paste them into a text file. GO NOW

After you’ve finished cutting and pasting your file should look something like the file you see above. Now ftp it up to the /home/elvis directory where your .htgroup file is located. Now you can give it a try. Go to the URL of the directory and this window should pop up:

Now if everything was done correctly then you should be immediately authenticated and allowed to enter the site. If it refuses you, you probably made a mistake, most likely in the path to the .htpasswd and .htgroup file in your .htaccess file.

If you want to remove a user then simply use the text editor you assembled your .htpasswd file with to remove that user and his password.-