Password Protection with .htaccess and .htpasswd

Here you can encrypt passwords for use with password protection with .htaccess and .htpasswd. This functionality is standard on the Apache webserver and works in all normal browsers. Encrypting passwords means they are not send or stored in clear text.

Enter username and password to encrypt the password and get the resultant line to enter in your .htpasswd file. One line for each user.

Example line in a .htpasswd file with the username "userdude" and password "password":

The PHP code encrypting the password:

How to Setup

Attention: the files must be named as .htaccess and .htpasswd. Files prefixed with .ht will by default not be send to clients by the Apache webserver and if somebody makes a request they will get an error 403 Forbidden.

The htaccess file must contain the following lines and be placed in the folder with the content to protect:

The above will protect an entire folder, if only specific files should be protected replace the line require valid-user with:

It's possible to add multiple entries and add multiple users to an entry.

Path to AuthUserFile

For the system to work the correct path to .htpasswd must be set on the AuthUserFile line in .htaccess. The absolute path to the file on the server must be used and to obtain this you can upload a file to the directory where you're going to store .htpasswd (can be deleted again after use):

The ouput will be something like:

And in .htaccess it will then be:

An example folder structure could be:

mysite/
├── inc/
│   └── .htpasswd
├── admin/
│   ├── .htaccess
│   ├── file01.php
│   └── file02.jpg

When the setup is in place users will be prompted to enter credentials when requesting the pages and files specified.

This page could also be of interest: HTTP authentication with PHP.