Password Protection using htaccess

You can protect your directory or website by .htaccess and .htpasswd file

For password protecting directory also need a file to contain username and password which allowed to access the website, this file to called ".htpasswd". htpasswd placed anywhere on server.

Protct a directory by.htaccess

AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /home/public_html/.htpasswd
Require valid-user

Protct a file

<Files test.php>
AuthName "Password Protected Area"
AuthType Basic
AuthUserFile /home/public_html/.htpasswd
Require valid-user
</Files>

Protect multiple files

<FilesMatch "^(test|welcome|login).php$">
AuthName "Password Protected Area"
AuthType Basic
AuthUserFile /home/public_html/.htpasswd
Require valid-user
</FilesMatch>

.htpasswd Syntax

username:password

You can choose hashing algorithms for password

• bcrypt - Apache and NGINX are compatible
• md5 - The Default hashing algorithm of Apache, NGINX does not supoort it.

.htpasswd example

Username is "admin" and password is "test", it is converted in md5

admin:098f6bcd4621d373cade4e832627b4f6