Apache: htaccess Password Protect a Folder
Login to the server and create a htpasswd file. This file will hold the username and a hashed password. This file can hold multiple accounts. Create this file for a user named alice in the current directory:
# htpasswd -c .htpasswd alice
The syntax is as follows:
htpasswd -c <path/to/htpasswd-file> <username to add to file>
You will be asked to type in the users password on creation.
This is how to set/reset/update an existing users password:
# htpasswd .htpasswd alice
Now, in the folder you would like to password-protect, create a file called .htaccess with the following content:
AuthType Basic AuthName "This is a password protected area - please authenticate!" AuthUserFile /path/to/htpasswd require valid-user
Make sure that the htpasswd file is NOT located in the public area of your website. Put it somewhere ‘save’ so that no one can obtain that file using a browser or other tools.