Hi All,
I have a question: what’s the best way to password protect a directory on my website without setting up php scripts? Thanks in advance!
1 Like
The best way to password protect directory on website is with .htpasswd and .htaccess
Here is how to do this.
- Choose a user name and password. Now, you need to encrypt password to use for .htpasswd
You can use any of these tools to encrypt password:
http://www.4webhelp.net/us/password.php
http://www.tools.dynamicdrive.com/password
For example, if you choose user name: demo and password: Demo123,
the result will be line like this: demo:93EiPZZQoIKUA
- Create file named .htpasswd and put there just this line with user name and encoded password.
- Upload .htpasswd to server, preferable to directory that is not accessible from web. For example: /home/mydir/
- Create .htaccess with the following content:
.htaccess
AuthUserFile /home/mydir/.htpasswd
AuthType Basic
AuthName "Enter your password"
Require valid-user
- And finally, upload .htaccess to directory you want to password protect.
This will protect the entire directory (all files and subdirectories). If you wish to protect entire website, you need to place .htaccess to web root directory.
If you need to protect certain files (not entire directory) you need to put to your .htaccess the following code:
.htaccess
[code]AuthUserFile /home/mydir/.htpasswd
AuthType Basic
AuthName “Enter your password”
<Files “memberonly.html”>
Require valid-user
[/code]
1 Like
Is this still valid?
I’m also wondering if this is what admin-dashboard websites use…Do they use the .htpasswd to password-protect directories, or do they use a server side language and database to manage the users who can view the admin panel?
Yes it is still valid and is most likely not the method used for admin panels. Those would use a DB and a server side language for authentication.
1 Like