How to password protect a web directory.

Password protecting a web directory is useful for restricting access to important information on your website that is not intended for everyone to see.

To password protect your web directory (using the Apache webserver) follow these steps:

1. Create a file called “.htaccess” in the web directory you want to password protect and paste the following code into it. (change the non-bolded text to your own information)

AuthUserFile /your/directory/here/.htpasswd
AuthGroupFile /dev/null
AuthName “Secure Document”
AuthType Basic
require user username

2. Create a file called “.htpasswd” into the web directory you want to password protect. Use a .htpasswd content generator to generate the code for this file (eg. The code output should look like:


(where the *s are the encrypted version of your password)

3. Browse to your website and test the protection. If the password does not work, there is likely an incorrect directory target or typo in the “.htaccess” file:

AuthUserFile /your/directory/here/.htpasswd

A good “.htpasswd” content generator can be found here:
More information can be found here: