Search The Hostwinds Guides Knowledge Base

Password Protect Files or Directories with .htaccess

Share This Article [TheChamp-Sharing]

In some instances you may find that you need to secure content on your website and require authentication to access this protected content. This can be achieved by using the awesome flexibility of a little bit of code in your .htaccess file. In this article we will cover how to protect both files and directories using your .htaccess file. If you have not created a .htaccess file or you’re not sure how to edit an already existing .htaccess file, please check out our article: Creating and editing an .htaccess file.

How To Password Protect Files

Please be aware that you’ll need to have a valid .htpasswd file in place, as this is where the authorized user credentials are stored. Only valid users in the .htpasswd file will be able to access the protected content. If you’re not sure what an .htpasswd file is or how to create one don’t worry we’ve got you covered! Please refer to the following guide which discusses the .htpasswd file: How to create and use .htpasswd.

With this example you can see how you can protect a single file using the following code inside of your .htaccess:

#Protect a single file
<Files filename-you-want-to-secure.html>
AuthType Basic
AuthName "Prompt-Here"
AuthUserFile /home/username/.htpasswd
Require valid-user

How To Password Protect Multiple Files

To password protect multiple files, you can simply copy and paste the last example, and replace the filename with the other file. However an cleaner way this can be done can be found in this second example illustrates how to use the FilesMatch directive to ensure the protection of any file that matches the pattern specified in the rule. You can also simply add files to the list separate by the Pipe character ‘|‘.

#Protect multiple files that match the pattern with a password
<FilesMatch "^(file|index.html|file2)*$">
AuthType basic
AuthName "Auth-Name-Here"
AuthUserFile /home/username/.htpasswd
Require valid-user

How To Password Protect Directories

The final example shows you how to password protect a directory that the .htaccess file is in. Usually this is the method recommended if you should need to Password Protect multiple files. Put them into the same directory then password protect the entire directory.

#Secure a directory that the .htaccess file is in with a password
AuthType basic
AuthName "Protected Directory"
AuthUserFile /home/username/.htpasswd
AuthGroupFile /dev/null
Require valid-user

By using any of the examples in this article you should now be able to share content both efficiently and securely with any user that you authorize.

If you make a change that the Web Server is unable to parse correctly, or doesn’t recognize, it may show a 500 error on your site. In which case it is recommended to revert the last change made to the .htaccess file, or rename to something other (such as .htaccess-bak .

Related Articles

If you should have any questions or would like assistance, do feel free to contact us through Live Chat or by submitting a ticket with our Technical Support team.