1. Home
  2. Getting Started
  3. Password Protected Directories

Password Protected Directories

You can password protect sections of your website by using the Account Control Center. However, some of our customers prefer to do this manually.

Setting up password protection requires the use of SSH (Secure Shell), so please first read over Connecting With SSH if you are not already familiar with SSH.

Setting Up Usernames/Passwords  

First, connect via SSH to your account, and log in. After you have done so, you'll be in your home directory (/usr/home/username). Stay in this directory.

Next, create your password file. It can be called anything you like, but "htpasswd" is a common choice and the one that we'll be using in this article.

To add each username and password to the file, use the htpasswd command.
It takes two arguments -- the name of the password file, and the
username you are adding:

htpasswd -c passwd username

Only add "-c" after "htpasswd" if you do not already have a password file.
If you already have a password file, and you run the command above, it
will overwrite your current password file. If you are adding usernames to
an existing password file, then the "-c" should be left off.

After running the command above, you will be prompted to enter the new
password twice. The passwords you type will not be shown on the screen.
Continue adding as many usernames and passwords as you like.

Configuring the Directory

Change into your Web directory and go to the subdirectory you'd like to password-protect. If you want to password-protect your entire site, then stay at the top level of your Web directory.

Create a file called .htaccess ( open it if it already exists) and paste into it the following:

AuthUserFile   /usr/home/username/passwd
 AuthName     "keyword"
 AuthType       Basic

require valid-user

Replace username with your account username, and replace "keyword" with any short descriptive word or phrase you desire.

The " valid-user" line allows anyone with a username & password found in your password file to have access to the directory. You can also choose to allow only certain users into the directory, by replacing that line with this:

require user user1 user2

Replace user1 and user2 with any usernames you want to access the directory.

Group Access

In some instances, it might be the case that you have more usernames than it is practical to put in your .htaccess file. Apache provides " access" features for such cases.

To set up group access, you first need to create a file defining your groups. We recommend placing it in your home directory with your password file.

The file should define a single group on each line, with the format being the group name, followed immediately by a colon, followed by a space, followed by the usernames, each separated by a space. A sample file might look like this:

group1: user1 joseph bob eric
group2: joseph mike ben sydney
sports: rick eric user1 john

Each username can belong to as many groups as is required. The group file can be named whatever you like, but a common name is ".group".

If you're using group access, your .htaccess file should look like this:

AuthUserFile     /usr/home/username/passwd
AuthGroupFile   /usr/home/username/passwd.group
AuthName      "keyword"
AuthType       Basic

require group groupname

Replace username with your account username. You can allow more than one group by listing them on the " group" line, separated by spaces.

Updated on April 10, 2018

Was this article helpful?

Related Articles