Password Protect a Directory

Password protecting a directory is easy to do, all you have to do is :

  1. Add some code to your .htaccess file
  2. Create a file called .htpasswd
  3. Select a username and generate an encrypted password and then add them to your .htpasswd file

Code to add to your Htaccess

You need to add the following code to your .htaccessfile.

AuthType Basic
AuthName "Name of your secure area"
AuthUserFile /fullpath/to/your/directory/.htpasswd
require valid-user

You need to edit the file accordingly.

  • Name of your secure area = You can call this anything you want ie. Secure Area or Members Area or whatever.
  • Full Path To Your Directory = This is the absolute path to the directory where your .htpasswd file is saved.

Here’s an example :

AuthType Basic
AuthName "Private Area"
AuthUserFile /home/mysite/.htpasswd
require valid-user

Create a file called .htpasswd

You create a .htpasswd file the same way you created the .htaccess file. All you need to do is create a blank document and save it as .htpasswd.

For security reasons, it is best to place this file above the root of your domain ie. place it in something like /home/mysite/ instead of /home/mysite/public_html.

Create a username and password

The username and password added to your .htpasswd file is in the format :


So my generated password might be something like


So how do I encrypt my password in this way?

Well there are a number of ways but the quickest and easiest is to use one of the many encryption sites on the web.

Just use any of the scripts below to generate your encrypted password.

Once you have your username and password, simply add the line to your .htaccess file.

Now go and test it out and see if your directory is now password protected 🙂

Password Protect a Directory Comments

  • To give additional users access to a directory simply add another line with a username and encrypted password
  • Only the password is encrypted, the username is not encryped

How to Stop Directory Listing

If you have a lot of files in a directory but no index file, your server will list all the files in that server.

This can cause a lot of problems. For example, one of the most common directories which webmasters forget to hide is the images folder. This allows everyone to view all the images in their images folder. This isn’t usually a major problem though you may have more important files in a directory, perhaps important documents or software.

You can stop this from occurring from using the following code :

IndexIgnore *

The * is a wildcard and stops the server from listing any type of file. You can of course only stop certain files or file types from being listed.

For example :

IndexIgnore *.gif *.jpg *.png accounts.doc

The above code would stop all gif, jpg and png graphics files from being listed.

The accounts.doc document would be blocked too however all other .doc files would be shown.

Basically the IndexIgnore command lets you decide what files in a directory visitors can see.

You can upload an .htaccess file for every directory you want to stop people viewing but it’s more practical to place everything in your main .htaccess file (ie. your root .htaccess).

To do this all you need to do is include the path to the folder(s) you want to protect.

So to block people viewing the files at and you would the following code to your .htaccess :

IndexIgnore /images/*
IndexIgnore /banners/*