Password protection using .htaccess

You can restrict who has access to sections of your website using the .htaccess file. If you want a private page for a staff message board in your account, you could create a subdirectory called 'staff' in your public_html directory, and place a .htaccess file in it requiring a username/password combination before allowing access.

You must edit your .htaccess file in a a text editor and save in plain text format. Please note that the file is preceded by a ".". The .htaccess file can be uploaded to a directory using your FTP program. It will protect the directory you saved the file to and all of the subdirectories of that directory.


  • AuthName www.yourdomain.com.au
    AuthType Basic
    AuthUserFile /home/username/.htpasswd
    <Limit GET POST>
        Require valid-user
    </Limit>


'www.yourdomain.com.au' and 'username' should be substituted with the appropriate values. Save the document and quit.

To create the password file, log into the server using ssh

Using the htpasswd program, create the list of usernames and passwords. The first time you run htpasswd use the -c switch to create the password file, after the first time, never use the -c switch. You will need to run:


  • htpasswd -c .htpasswd user1


where 'user1' is the username required for authentication, you will be then prompted to enter a password for this user. To add subsequent users run:


  • htpasswd .htpasswd user2


You can add as many users as you wish.