Manually Set Up Directory Protection Using .htaccess and FTP

For Linux Web Hosting packages and Managed Dedicated Servers

Learn how to manually set up password protection for an area of your website, so that access is limited only to those with passwords.

It is suggested to use the Set Up Protected Directories guide, as it requires no manual configuration.

Step 1

Create a file named .htaccess locally on your PC with the following content:

AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /kunden/homepages/xx/xxxxxxxxx/htdocs/[folder]/.htpasswd
require valid-user 
  • The /customers/homepages/xx/xxxxxxxxxxxxx/htdocs/ section is an example of the absolute path to your webspace.
  • You can replace the Password Protected Area text with any text.
  • Replace [folder] with the name of the folder you want to protect. Be sure to capitalize any letters in the folder name.
Step 2

Now create a file named .htpasswd and enter the desired user names and passwords line-by-line, according to the following format:

User1:EncryptedPassword
User2:EncryptedPassword

It is important that the passwords entered in the text file are not plain-text. Please only enter hashed (encrypted) passwords, as in the example below.

jsmith:$apr1$s24qtp5x$l.Pv6.geDvGgullGdvwmY1
jdoe:$apr1$jpxqe82a$QdzA9RfBmn7HdmfrHSYIP1
Step 3

Transfer both files to your webspace using Secure FTP.

The directory protection is immediately active and the next time you access the directory or page in the browser, you will be prompted for a login.