How to password protect a website folder using .htaccess

1. First you need to create a password file that contains the user account(s) that have access to the directory. Open a new text file called

   .htpasswd

2. Use a password encryption program to create your passwords. Paste the lines into your .htpasswd file and save the file. You will have one line for every username that requires access.
3. Upload the .htpasswd file to a directory on your Web server that is not live on the Web. In other words, you should not be able to go to http://YOUR_URL/.htpasswd - it should be in a home directory or other location that is secure.
4. Then you need to create your HTaccess file for the directory you want to protect. Open a text file called

   .htaccess

5. Add the following to the file:

   
   AuthUserFile /path/to/htpasswd/file/.htpasswd
   
   AuthGroupFile /dev/null
   
   AuthName "Name of Area"
   
   AuthType Basic
   
   require valid-user
   
   

6. Change

   /path/to/htpasswd/file/.htpasswd

   to the full path to the .htpasswd file you uploaded in step 3.
7. Change

   "Name of Area"

   to the name of the site section being protected. This is used primarily when you have multiple areas with different protection levels.
8. Save the file and upload it to the directory you want protected.
9. Test that the password works by accessing the URL. If your password doesn't work, go back to the encryption programs and encrypt it again, remember that the username and password will be case-sensitive. If you are not prompted for a password, contact your system administrator to make sure that HTAccess is turned on for your site.