How To Do Password Protection with Apache

Let’s say you have a directory, like /private, that you want to be password protected. On your Mac or your server, type:

$ htpasswd -c .htpasswd username

where username is the username you want to require. It will then ask you for the password you want to require. Upload the .htpasswd file it creates to the private directory. If you want to add another account, say for newuser, do this:

$ htpasswd .htpasswd newuser

and again enter the password and upload the file.

Now put this in a file called .htaccess in the same directory:

AuthUserFile /path/to/
AuthGroupFile /dev/null
AuthName "Private Stuff"
AuthType Basic
require valid-user

(But change /path/to/ to be the path to your webspace directory on the server. You can also change "Private Stuff" to a message you want to be included in the password dialog. Browsers will probably say something like, "Please enter your password to Private Stuff." or "Realm: Private Stuff".)

Unless your web host in unusually restrictive (if so, you could complain to them), this should cause a password dialog to pop up when you visit or any file in that directory or a subdirectory.