Apache: htaccess Password Protect a Folder

Login to the server and create a htpasswd file. This file will hold the username and a hashed password. This file can hold multiple accounts. Create this file for a user named alice in the current directory:

# htpasswd -c .htpasswd alice

The syntax is as follows:

htpasswd -c <path/to/htpasswd-file> <username to add to file>

You will be asked to type in the users password on creation.

This is how to set/reset/update an existing users password:

# htpasswd .htpasswd alice

Now, in the folder you would like to password-protect, create a file called .htaccess with the following content:

AuthType Basic
AuthName "This is a password protected area - please authenticate!"
AuthUserFile /path/to/htpasswd
require valid-user

Make sure that the htpasswd file is NOT located in the public area of your website. Put it somewhere ‘save’ so that no one can obtain that file using a browser or other tools.