How To Password Protect a Single File with HTAccess

Login Screen
blackred/E+/Getty Images

Password protection with htaccess is an important way to protect your files from unwanted access. Most people password protect an entire directory or website, but you can password protect individual files if you want to.

Difficulty: Average

Time Required: 15 minutes

Here's How:

  1. Open a new text file called
    .htpasswd
    Note the period at the beginning of the filename
  2. Use a password encryption program to create your passwords. Paste the lines into your .htpasswd file and save the file. You will have one line for every username that requires access
  1. Upload the .htpasswd file to a directory on your Web server that is not live on the Web. In other words, you should not be able to go to http://YOUR_URL/.htpasswd - it should be in a home directory or other location that is secure.
  2. Then you need to create your HTaccess file for the file you want to protect. Open a text file called
    .htaccess
  3. Add the following to the file:
    
    AuthUserFile /path/to/htpasswd/file/.htpasswd
    
    AuthName "Name of Page"
    
    AuthType Basic
    
    
    
      require valid-user
    
    
    
  4. Change
    /path/to/htpasswd/file/.htpasswd
    to the full path to the .htpasswd file you uploaded in step 3.
  5. Change
    "Name of Page"
    to the name of the page being protected.
  6. Change
    "mypage.html"
    to the filename of the page you're protecting.
  7. Save the file and upload it to the directory of the file you want protected.
  8. Test that the password works by accessing the URL. If your password doesn't work, go back to the encryption programs and encrypt it again, remember that the username and password will be case-sensitive. If you are not prompted for a password, contact your system administrator to make sure that HTAccess is turned on for your site.

    Tips:

    1. This will only work on Web servers that support Htaccess. If you don't know if your server supports Htaccess, you should contact your hosting provider.
    2. Make sure that the .htaccess file is text, not Word or some other format.
    3. To keep your passwords secure, the user file should not be accessible from a Web browser - but it must be on the same machine as the Web pages.

      What You Need:

      • htaccess on your Web server
      • text editor