Protecting a Website or Directory with a Password Using .htaccess and .htpasswd
Securing a website or a specific directory with a password is a simple yet effective way to restrict access. This can be done using .htaccess and .htpasswd files in Apache. The .htaccess file controls access, while the .htpasswd file stores the usernames and hashed passwords.
Video Instruction
The video instructions show a slightly different setup option.
Creating the .htpasswd File
The .htpasswd file contains credentials in the format:
username:hashed_password
Since storing passwords in plain text is insecure, we must hash them using a secure algorithm like MD5 or bcrypt. You can generate a hashed password using an online service such as htpasswd generator. Once generated, save the .htpasswd file in a secure location, preferably outside the web root.
Configuring .htaccess to Require Authentication
To password-protect an entire website or a specific folder, create (or edit) the .htaccess file inside that directory and add the following lines:
AuthType Basic AuthName "Restricted Area" AuthUserFile /path/to/.htpasswd Require valid-user
AuthType Basicenables basic authentication.AuthNameis the message shown in the login prompt.AuthUserFilespecifies the path to the.htpasswdfile.Require valid-userallows access only to users listed in.htpasswd.
Allowing Multiple Users
You can add multiple users to .htpasswd, each with a hashed password:
user1:$apr1$abcdefg$xyzxyzxyzxyzxyzxyzxyz user2:$apr1$1234567$abcdefghijklmnopqrs
Each user will be able to log in using their unique credentials.
Restricting Access to a Specific Folder
Instead of protecting the entire site, you can apply authentication to a single directory. Place the .htaccess file inside that folder, and it will protect only that directory and its contents.
Testing the Protection
Once configured, try accessing the protected area. A login prompt should appear, requiring valid credentials to proceed. If authentication fails, access will be denied.
Removing Password Protection
To remove password protection, simply delete or comment out the .htaccess rules. By using .htaccess and .htpasswd, you can easily secure private areas of your website without requiring complex authentication systems.
Similar posts:
-
How to Run (Deploy) a Single Page Application (SPA) on Shared Hosting
Building modern websites with Vue or React has become the standard practice in web development. However, when you try to deploy a Single Page Application (SPA) to a regul...
-
Cheat sheet for work with Git
Git is an indispensable tool for managing versions of code in development. It allows you to track changes in the project, return to previous versions and work effectively...
-
Configuring HTTPS for Nginx
HTTPS stands for Hypertext Transfer Protocol Secure, and it is the secure version of HTTP, the protocol used for communication between your web browser and a website. HTT...
I got what you intend, regards for putting up.Woh I am thankful to find this website through google. “Since the Exodus, freedom has always spoken with a Hebrew accent.” by Heinrich Heine.