Password protect folder and subfolders using htaccess

If you wish to password protect a folder on the server and you want to use the server’s default protection do the following:

1. We need to create a file – “.htpasswd” (hidden file in Unix) which holds the username and encrypted password.  In order to create it there are online tools, but if command line access to the server is available type :
   
   htpasswd -c .htpasswd username

   1	htpasswd -c .htpasswd username

   
   Replace “username” with the actual username you wish to use.
   Running this command will prompt (twice) for a password. This will be the password for this username.
   The system created the requested file for us. We need to take it and place it outside the “html” folder so it is not accessible from outside. The ideal location is just above the “html” folder.
2. In the folder we wish to password protect upload a .htaccess file with the following code:
   
   AuthName "WebPasswords Restricted Area" AuthType Basic AuthUserFile /var/www/mydomain.com/.htpasswd require valid-user

   1 2 3 4

   AuthName "WebPasswords Restricted Area" AuthType Basic AuthUserFile /var/www/mydomain.com/.htpasswd require valid-user

   
   Replace “mydomain.com” with your domain and check the path is correct – could be done by
   
   echo $_SERVER['DOCUMENT_ROOT'];

   1	echo $_SERVER['DOCUMENT_ROOT'];

3. Basically that’s it. If you need more than one password protected directory you can change the name of “.htpasswd” to something like “.htpasswd-nameofdirectory” and use the specific names in the .htaccess file in each directory.