DEV Community

Krixnaas
Krixnaas

Posted on

Securing your website through an .htaccess file with password protection

This article details the process of securing a directory via SSH by setting up an .htaccess and .htpasswd file. The following steps are outlined in the article.

Step 1: Generating the .htpasswd file

  • Access your server via SSH.
  • Navigate to the directory you intend to safeguard.
  • Run pwd to confirm the full file path to this directory. You'll need this full path in the next step

[server]$ pwd
/var/www/example

  • Generate an .htpasswd file by executing the following command in the directory you want to secure. This command utilizes the htpasswd utility and the complete path to the directory. For instance, if you're creating a username "admin" for login, execute the following:

[server]$ htpasswd -c /var/www/example/.htpasswd admin

  • Provide a password for the new user named "admin". Upon entering the password, the code in your .htpasswd file will showcase the encrypted password, similar to this format:

admin:$apr1$bkS4zPQl$SyGLA9oP75L5uM5GHpe9A2

  • Verify that the permissions are set to 644 by executing the following command:

[server]$ chmod 644 .htpasswd

Step 2 — Create the .htaccess file

  • Next, create an .htaccess file using the nano editor:

[server]$ nano .htaccess

-To protect an entire website using .htaccess, you can add the following code examples to the .htaccess file:

AuthName "Dialog prompt"
AuthType Basic
AuthUserFile /var/www/example/.htpasswd
Require valid-user
Enter fullscreen mode Exit fullscreen mode

Top comments (0)