Password Protect Files or Directories with .htaccess

In some instances, you may find that you need to secure content on your website and require authentication to access this protected content. This can be achieved by using the awesome flexibility of a little bit of code in your .htaccess file. In this article, we will cover how to protect both files and directories using your .htaccess file. If you have not created a .htaccess file or you're not sure how to edit an already existing .htaccess file, please check out our article: Creating and editing a .htaccess file.

How To Password Protect Files

Please be aware that you'll need to have a valid .htpasswd file in place, as this is where the authorized user credentials are stored. Only valid users in the .htpasswd file will be able to access the protected content. If you're unsure what a .htpasswd file is or how to create one, don't worry. We've got you covered! Please refer to the following guide, which discusses the .htpasswd file: How to create and use .htpasswd.

With this example, you can see how you can protect a single file using the following code inside of your .htaccess:

#Protect a single file
AuthType Basic
AuthName "Prompt-Here"
AuthUserFile /home/username/.htpasswd
Require valid-user  

How To Password Protect Multiple Files

To password protect multiple files, you can copy and paste the last example and replace the filename with the other file. However, an cleaner way this can be done can be found in this second example illustrates how to use the FilesMatch directive to ensure the protection of any file that matches the pattern specified in the rule. You can also add files to the list separate by the Pipe character '_**|**_'.

#Protect multiple files that match the pattern with a password
<FilesMatch "^(file|index.html|file2)*$">
AuthType basic
AuthName "Auth-Name-Here"
AuthUserFile /home/username/.htpasswd
Require valid-user  

How To Password Protect Directories

The final example shows you how to password protect a directory that the .htaccess file is in. Usually, this is the method recommended if you should need to Password Protect multiple files. Put them into the same directory. Then password protects the entire directory.

#Secure a directory that the .htaccess file is in with a password
AuthType basic
AuthName "Protected Directory"
AuthUserFile /home/username/.htpasswd
AuthGroupFile /dev/null
Require valid-user

Using any of the examples in this article, you should now be able to share content both efficiently and securely with any user you authorize.

If you make a change that the Web Server cannot parse correctly or doesn't recognize, it may show a 500 error on your site. In which case, it is recommended to revert the last change made to the .htaccess file or rename it to something other (such as .htaccess-bak.

If you should have any questions or would like assistance, please contact us through Live Chat or by submitting a ticket with our Technical Support team.