How to Create Password Protected Directory for Confidential Material

One important thing to do is to create password protected directories for confidential material that’s not available to public, but needs to be shared among team members. In this post I’ll go through how to create .htaccess files to protect your game files. I’m not going to go very deep on usage of .htaccess files in general, but I will tell you the basics you need to know to be able to keep unwanted people from your secret material. There’s also a small script that helps creating crypted password for .htaccess files. To be able to use this information, your web hosting provider must allow usage of .htaccess files for password protection.

Introduction
Basically the system is done like this. First you create a folder in your web server you want to protect (using for example some FTP program like SmartFTP. After you’ve created the folder you will need to put “password file” in your server, and then a .htaccess file to the directory you want to protect.

Step 1 – Create a password file
First you need to create a password file. Password file has no extension (like .txt or .exe), it’s simply a file that you can name like “mypassword”. There’s only one line in our password file. The idea of the password file is to store all usernames and passwords that are allowed to use your protected folder.

I made a small script to help you create crypted password: use this script to create line for your password file.

For example, try using the script above and put “testuser” and “testpass” to the username and password boxes. Then click “crypt password”. You should see a line like “testuser:$1$hKoP5FiQ$AMWwZ./TJusJX4oCCT9zs.” or something. Copy & paste that line to your “mypassword” file.

Step 2 – Put the password file in your server home directory
When you take FTP connection to your web server, you should see file structure like:

ftp.yourdomain.com:

public_html/
email/
www/
.bash
.mail

Put your “mypassword” file with these files. After you’ve done this, your home directory should look something like:

ftp.yourdomain.com:

public_html/
email/
www/
.bash
.mail
mypassword

Now you’ve uploaded the file and can proceed to the next step.

Step 3 – Create .htaccess file
The next step is to create a .htaccess file. Just open your editor and create a file named “.htaccess” (if your computer doesn’t allow you creating .htaccess file, then just create a file called “htaccess” without the dot in the beginning).

The contents of the file should be something like this:

AuthType Basic
AuthName “Protected folder”
AuthUserFile /home/someuser/mypassword
Require valid-user

Replace “someuser” to match your web hosting account name. Like for example, if you have own gamescompany.com then your web service provider might have created you web hosting account with username “gamescom”. Then your AuthUserFile line could look like this: “AuthUserFile /home/gamescom/mypassword”

Depending on your web host, the file content might be bit different. Google or check out wikipedia if you run into some problems. But for now, just create the file.

Step 4 – Create password protected folder and move .htaccess file there
Now you are ready to create a folder to your web server. Create a folder named “protected” and upload the .htaccess file into that folder. If you had to create htaccess file (without a dot in the beginning, then rename your “htaccess” file to “.htaccess” after you have uploaded it to the server).

Step 5 – All done
Now you can try testing your password protected folder. Simply go to www.yourwebsite.com/protected/ and it should ask for an username and password. Type “testuser” and “testpass” (the username and password you crypted in step 1) and you should be able to login. If the system asks password several times, type them several times (it’s bit picky whether you use “protected” or “protected/” in the URL) and you should be able to get in.

In case you encounter problems, check the following:

  • Make sure you typed your username and password correctly
  • Make sure you generated valid username and password (feel free to try crypting again if things don’t seem to work in the first time)
  • Make sure your .htaccess file is valid (consult your web hosting service provider in order to learn the valid format for it)

Finished
When you get things working, you can upload stuff in protected folders and share documents with other team members – safely.

8 thoughts on “How to Create Password Protected Directory for Confidential Material

  1. I think you can send some server credentials in the URL, but not sure how all browsers behave nowadays. I’d try googling for “basic auth” or “htaccess password” or something similar. Maybe try site like http://www.webhostingtalk.com or something.

  2. I want to create and XHTML page with a form to signin to the password protected pages instead of having to signin on the popup. How can I make a form work with the .htaccess file?

  3. You might try contacting godaddy support for this…

  4. I just started with godaddy, and I don’t see a link in the Control panel for password-protected directories. From what I see, .htaccess files are only available on the linux-hosted side, and password protecting is available if you are using godaddy’s website builder.

    I’m creating my pages in front page, but uploading using filezilla.
    anyone know if i could continue to do this if i switched to linux hosted ?

  5. [...] + How To Create a Password Protected Directory [...]

  6. It should also be noted that this is the Apache way of doing things.
    It wont work if you have your webserver hosted on a windows box running IIS, but then if you have your website hosted on a box like that, you deserve everything you get :)

  7. If you use cPanel then there is an option “Password Protect Directories” which allows you to do this. I believe that it uses the same method under the hood.

  8. Or just use subversion.