Password protect a folder with .htaccess
Sometimes it’s useful to have a folder of your website-content password protected.
This can easily be achieved by adding a simple rule to your htaccess-file when using Apache (you can convert your apache .htaccess-file to nginx instructions for example [http://winginx.com/en/htaccess].
You should place the file in the folder you want to protect.
To create a user and a password you run htpasswd from your terminal like:
htpasswd -c .htpasswd userThis will respond with:
New password: Re-type new password: Adding password for user user
Now you can add this rule to your htaccess-file:
AuthType Basic AuthName "Password Protected" AuthUserFile /path/to/your/.htpasswd Require valid-user
For more info try:
$ htpasswd --help Usage: htpasswd [-cmdpsD] passwordfile username htpasswd -b[cmdpsD] passwordfile username password htpasswd -n[mdps] username htpasswd -nb[mdps] username password -c Create a new file. -n Don't update file; display results on stdout. -m Force MD5 encryption of the password (default). -d Force CRYPT encryption of the password. -p Do not encrypt the password (plaintext). -s Force SHA encryption of the password. -b Use the password from the command line rather than prompting for it. -D Delete the specified user. On other systems than Windows, NetWare and TPF the '-p' flag will probably not work. The SHA algorithm does not use a salt and is less secure than the MD5 algorithm.
And keep in mind that if you run
htpasswd [options] [pw-file] [username] [password]
your password will probably be saved in your history-file (eg. if you use bash).