Password Protect a Directory

Password protecting a directory is easy to do, all you have to do is :

  1. Add some code to your .htaccess file
  2. Create a file called .htpasswd
  3. Select a username and generate an encrypted password and then add them to your .htpasswd file

Code to add to your Htaccess

You need to add the following code to your .htaccessfile.

AuthType Basic
AuthName "Name of your secure area"
AuthUserFile /fullpath/to/your/directory/.htpasswd
require valid-user

You need to edit the file accordingly.

  • Name of your secure area = You can call this anything you want ie. Secure Area or Members Area or whatever.
  • Full Path To Your Directory = This is the absolute path to the directory where your .htpasswd file is saved.

Here’s an example :

AuthType Basic
AuthName "Private Area"
AuthUserFile /home/mysite/.htpasswd
require valid-user

Create a file called .htpasswd

You create a .htpasswd file the same way you created the .htaccess file. All you need to do is create a blank document and save it as .htpasswd.

For security reasons, it is best to place this file above the root of your domain ie. place it in something like /home/mysite/ instead of /home/mysite/public_html.

Create a username and password

The username and password added to your .htpasswd file is in the format :


So my generated password might be something like


So how do I encrypt my password in this way?

Well there are a number of ways but the quickest and easiest is to use one of the many encryption sites on the web.

Just use any of the scripts below to generate your encrypted password.

Once you have your username and password, simply add the line to your .htaccess file.

Now go and test it out and see if your directory is now password protected 🙂

Password Protect a Directory Comments

  • To give additional users access to a directory simply add another line with a username and encrypted password
  • Only the password is encrypted, the username is not encryped

How to Stop Directory Listing

If you have a lot of files in a directory but no index file, your server will list all the files in that server.

This can cause a lot of problems. For example, one of the most common directories which webmasters forget to hide is the images folder. This allows everyone to view all the images in their images folder. This isn’t usually a major problem though you may have more important files in a directory, perhaps important documents or software.

You can stop this from occurring from using the following code :

IndexIgnore *

The * is a wildcard and stops the server from listing any type of file. You can of course only stop certain files or file types from being listed.

For example :

IndexIgnore *.gif *.jpg *.png accounts.doc

The above code would stop all gif, jpg and png graphics files from being listed.

The accounts.doc document would be blocked too however all other .doc files would be shown.

Basically the IndexIgnore command lets you decide what files in a directory visitors can see.

You can upload an .htaccess file for every directory you want to stop people viewing but it’s more practical to place everything in your main .htaccess file (ie. your root .htaccess).

To do this all you need to do is include the path to the folder(s) you want to protect.

So to block people viewing the files at and you would the following code to your .htaccess :

IndexIgnore /images/*
IndexIgnore /banners/*

Change the Default Directory Page

When you load a directory on the web, for example or, the apache server usually looks for the index.html file.

If it can’t find that it will look for index.php or index.cgi. Index.html is usually the page with the highest priority and the one which is loaded first.

It is possible to change the default directory index page. Say, for example, you wanted visitors to go to notice.html instead of index.html. All you have to add to your .htaccess file is

DirectoryIndex notice.html

This can be extended so that the server looks for other files if it cannot find the first one.

DirectoryIndex notice.html index.cgi index.php index.html

Priority goes from left to right. So the server would look for notice.html. If that file is not there it will look for index.cgi, then index.php and then index.html.

You can do to this within any directory on your site. Simply upload an .htaccess file with the above code. Remember, this will supercede the .htaccess file at the root of your domain.

Deny a user by IP Address

There may come a time when you unfortunately need to ban someone from visiting your website completely.

This is very easy to do using htaccess and can be useful if there is a spammer or disgruntled member attacking your site (something which unfortunately happens a lot to forum and blog owners).

To ban someone completely all you need to do is add the following code to your .htaccess file.

Simply replace the ip address below with the ip of the person you want to ban

#ban users from visiting the site
order allow,deny
deny from
allow from all

If you want to ban more people you simply add more lines, like this :

#ban users from visiting the site
order allow,deny
deny from
deny from 987.65.4.3
deny from
allow from all

Force users to use the WWW or Non-WWW version of your domain

To avoid duplicate content in search engines you can force users to use either the www or the non-www version of your website domain.

This avoids search engines such as Google indexing two versions of your domain, something which is quite common because people link to both www and on-www versions of a domain (known as the www/non-www canonical issue).

It really doesn’t matter if you use or I personally use www on most sites I own however many people prefer to drop it, it’s really up to you.

Force users to use

To force users to use the www version of your domain all you have to do is add the following code to your .htaccess file (just replace with your domain name).

# Redirect non-www urls to www
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.yoursite\.com
RewriteRule (.*)$1 [R=301,L]

Alternatively you can use :

# Redirect non-www urls to www
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule (.*)$1 [R=301,L]

Force users to use

To force users to use the non www version of your domain all you have to do is add the following code to your .htaccess file (just replace with your domain name).

# Redirect www urls to non-www
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.yoursite\.com [NC]
RewriteRule (.*)$1 [R=301,L]

Alternatively you can use :

# Redirect www urls to non-www
RewriteEngine on
RewriteCond %{HTTP_HOST} !^example\.com
RewriteRule (.*)$1 [R=301,L]

Notes about this technique

Many popular scripts, particular content management systems (CMS’s) edit the .htaccess file and add their own redirection so you may not have to add any of the code noted above. Infact, by adding the redirection code noted above you could actually mess things up.

For example, the popular blogging script WordPress adds redirection to the .htaccess file. You simply chose the correct domain name in the admin panel and it takes care of everything else. And if you do add the code to the .htaccess file it messes things up a little. It does still redirect non-www to www (and vice versa) but it just redirects the visitor to the home page (ie. would redirect to instead of

If this sounds a little confusing, don’t worry. Just remember that certain scripts already apply a redirection and so trying to add a redirection code to the .htaccess file can mess things up, at the very least it will unlikely work the way you want it to.

How to setup a 301 Redirect

A 301 HTTP response status code is a way of telling search engines that a page, pages, directory or entire website has been permanently moved to another place on the web.

Htacess Redirect

This is very useful if you have changed the structure of your websites url’s or if you have moved domain. You can also redirect your entire site.

Whereas a 301 code tells search engines that something has been permanently moved, a 302 code tells search engines that something has been temporarily moved. This is useful if you only want to redirect a page for a short period of time. To do a 302 redirect simply change the 301 part to 302.

You can also use 303, which is means ‘seeother’ and the page has been replaced by something else. Again, to do this simply substitute 301 with 303 in the tutorials below.

How to setup a 301 Redirect

The basic code for redirecting is :

Redirect 301 old_location new_location

The old location of the file has to be the absolute path from the root of your server. The new location should use http.

Htacess to Redirect Pages

Saving your page’s ranking, search position and it’s indexed age are important to maintaining your sites traffic. Moving one or more files into a new named folder can result in better website organization or to simplify your sites categories but if you don’t redirect the crawlers to index your new page(s) then your new pages will be sent back in the searches like a newly created webpage pages.

Htacess SEO Redirect

Picking a strong folder name or page name based on top searched keywords is one way to SEO improve your keyword focus and page ranking.

So for example, if you want to move a file called productreview.html from the root of your site to a subdirectory called products you would use :

Redirect 301 /productreview.html

How to setup a 301 Redirect

If you have moved your domain to another site you may want to redirect the whole site.

To so this you simply use the following code:

Redirect 301 /

How to Redirect your 404 error to a Custom Page

A 404 error message is the standard HTTP standard response code which is returned when the visitor cannot communicate with the server. Visitor gets a standardized undesirable 404 Error Page

This is a very common error on the web and it occurs when you are trying to visit a page which has either been deleted or has been moved somewhere else.

For example, if you change the structure of your website and move a certain directory to a different part of your site, anyone trying to visit the old page url will get a 404 error message.

404 Error Messages

A 404 error is pretty much lost traffic with in your website. You have managed to get the visitor there with your SEO efforts but a changed page over site results in the visitor getting the generic server 404 error messages. A lot of standard 404 messages are useless and do not even refer your visitor back to the homepage. A 404 error message usually looks something like this :

Not Found

The requested URL /index.php was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7a mod_bwlimited/1.4 PHP/5.2.6 Server at Port 80

Example of Windows Internet Explorer 10 404 Error Message – 404 Error Page

404 Error Message Reality

If a visitor comes to your site and sees a standard 404 error message it’s unlikely they will make the effort to see any part of your site. Therefore it is very important to create a 404 page on your site and redirect traffic from incorrect urls.

Thankfully, htaccess makes this very easy. First of all you need to create a 404 error page. So for example, you would create a page at which says something like :

It appears you are looking for something which isn’t there. Either you have entered an incorrect URL or we have messed up. Why not visit our home page or alternatively, search for what you are looking for in the search box below.

Whilst a 404 error page does not send the visitor to the exact page they want, it can be used for a better presentation of your website. Offering the visitor other page options, alternate choice to go back and generally point them in the right direction is better than them leaving ASAP.

The 404 .htaccess error page keeps them on your site pages so that they are more likely to stay and find what they want on your site.

htaccess 404 Error Code

Once you have your 404 page setup, all you need to do is send visitors of incorrect url’s to this page. To do this just add the following line to your .htaccess file :

ErrorDocument 404 /404.php

Most often, the .htaccess file will be in the home root public_html folder on your server. This can change, for an example if you run you site or blog out of a specific folder within the public_html.

Alternately, You can place the 404 error template anywhere you want in a folder. For example you could place all error messages in a folder called errormessages refererring the 404 error to the url of the page.

ErrorDocument 404 /errormessages/404.php

That’s all there is to it.

Now when a visitor views an incorrect url on your site they will see your custom 404 error message.

404 Error Messages Comments

Don’t have 404 error handling system? Set up a .htaccess file with quick ErrorDocument 404 code link sending your visitor back to the index home page. When you have more time code a custom 404 error page with the information you want.

ErrorDocument 404 /index.html Adjust code to reflect your home page file name: / “to your index page” You can test if 404 error redirect is working by going to a page within your site, url other than home page, type in a few junk characters in the addresses file box name .. and if 404error working browser sends you or you visitor to the home page. Good quick temporary fix!

Page Errors Adsense: If your operating your sites with Google(R) Adsense, you probably seen a larger focus on page errors in your account with any crawler errors listing of your bad site(s) page . Users don’t like 404 page errors as it decreases the user experience. Do a little revenue optimization and site health by solving page errors one by one … best use a 301 redirect for each page error in your htaccess file

404 error Reference, Notes, Tips

A 404 error is classified page as “Not found” or non existent url. A 410 error is a “Gone” response code.

HTTP response code 404 tells both browsers and search engines that your page doesn’t exist. Page content and ranking position will be lost, neither the page be crawled or indexed, by your top Google, Bing or Yahoo search engines.

How to stop someone looking at your htaccess file

One of the first things you want to do is make sure no one tries to look at your .htaccess file.

This is actually very easy to do, all you need to do is make use of the Files option.

Just enter the code below to block people seeing your .htaccess file.

# Block people seeing the htaccess file
<Files .htaccess>
order deny,allow
deny from all

How do you Edit the .htaccess File?

Before you upload an .htaccess file to your server, make sure there is not already one there. Your host panel or perhaps a script you have uploaded may have already changed the htaccess for some reason so you don’t want to overwrite it as doing so could change something important on your site.

Htacess Changes in Cpanel

For example, in cpanel, you can setup 301 redirects very easily but this tool is simply a script which changes the .htaccess for you.

So even though you may not realise it, when you use the redirect script via cpanel, it updates your .htaccess file for you and it’s the .htaccess file which controls the redirect for you (the redirect tool just makes it easier for those who are not familar with .htaccess).

Htacess Created from Cpanel

So if there is an .htaccess file on the server already, you want to ensure that you download the htaccess file and then edit it before reuploading. This will ensure that nothing you or someone else has setup previously is changed.

If there is no .htaccess file there then you need to create one. Thankfully, this is very easy to do. All you need to do is open a text editor and save a blank document as .htaccess. Save the file exactly as it is stated there in bold ie. there is no writing before the extension. You need to save it as .htaccess and not htaccess.txt or document1.htaccess or whatever.

Htacess Upload to Server

When uploading you should always :

  • Upload in ASCII mode, not binary
  • CHMOD the file to 644 (this isn’t absolutely necessary per say but it’s advisable, it means your server can access it but it can’t be seen via a browser).

Htacess Comment Organization

Also, after editing your .htaccess file several times it may look a little complicated so I recommend adding a comment above the longer parts or sections of code so that you know what each section is for when you look at the file again at a later date.

Htacess Comment #

To add a comment to the htacess file you simply start the line with #, any code written after the # in the start of the line will not be executed.

Htacess Comment Line Examples

# Index Page
# Redirects 301 for Recent Pages
# Errors 404 Pages

This is simply a reference for you in the future (and anyone else who may be working on your website ie. co-admin or whatever).

Edit the .htaccess File Reference

Comment Organization: When you need to create, say more that 15-20 redirect, 404 errors, custom htaccess coding it can get confusing and a waste of your time searching for the line, especially if you or others have not been into the htaccess file for a while. Extra time grouping related htaccess code lines can save some aggravation search time.