Set up Directory Protection Using .htaccess and SSH

By using an .htaccess file, you can password protect a directory in your web space. If the data of a website is located in the protected directory, this will ensure only authorized users will have access to it.

  • You use a managed server, Dedicated Serveror are a web hosting customer with SSH access.

Create the Password

To create the .htpasswd file, please proceed as follows:

  • Log in to your server using SSH.

  • Type the following command to create a password file [File Name] for the user [User Name].

htpasswd -Bc [filename] [username]
  • Please enter the desired password; Repeat the input and confirm with Enter. The password will be stored in the file you created, encrypted with the bcrypt encryption method.

Note that the -c option creates a new file and deletes existing entries. If you want to change an existing entry or add a new one, use only the -B option.

htpasswd -B [filename] [username]

Set up password request

Create an .htaccess file with the following content:

AuthType Basic
AuthName "Enter your credentials"
AuthUserFile /kunden/homepages/xx/xxxxxxxxx/htdocs/[folder]/.htpasswd
require user [user name]
  • The character string /customer/homepages/xx/xxxxxxxxx/htdocs/ corresponds to the absolute path to your website (Document Root).
  • The value "Enter your credentials" in the variable AuthName can be customised and will be displayed in the password request dialogue.
  • Replace [Folder] with the folder or the path to the directory containing the previously created .htpasswd file. Pay attention to upper and lower case.

Enable directory protection

Upload the .htaccess file via FTP in ASCII (text) mode to your web space in the directory you want to protect. Current FTP programs, such as FileZilla,  set the required transfer mode automatically.

The directory protection is active immediately and you will be prompted for your password the next time you open the directory or web page in your browser.