Password-protecting directories

The following describes how to enforce authentication/password protection using an .htaccess file on a domain or subdirectory. There are two ways to create the .htaccess file:

• Through the panel
• Manually creating an .htaccess file

This guide covers both options.

The following procedure overwrites any .htaccess file you may already have. Be sure to backup your existing .htaccess file before beginning the steps on this page.

1. Navigate to the Htaccess/WebDAV page.
2. Click the domain you wish to password protect.

   A list of your domains appear on the Htaccess/WebDAV page. Domains must be fully-hosted in order to display here:

   

3. Click the Set Up a New Directory button.

   The WebDAV configuration page appears:

   

4. Make your selections based on the information described in the following table.

   Field Name	Action and Description
   Directory name	Enter the directory you'd like to protect (leave it blank to protect the entire domain.) NOTE: If you wish to password protect a subdirectory, you must first create it in your FTP account.
   Password-protect this dir?	Check this box.
   Enable WebDAV on this dir?	You can leave this unchecked if you don’t need to use WebDAV on this domain.
   Directory “name”	Enter the name you'd like to call this area (this appears in the pop-up window asking for your password).
   User accounts for this area	Enter a username and password that is allowed access to the password-protected domain/directory. Each line consists of a single username password in the format 'username password'. In the screenshot above, ‘username1’ uses the password ‘password1’.
   Forbid linking to files in this dir?	Check this box if you'd like certain file types to be forbidden.
   Forbidden file extensions	Add the forbidden extensions here.
   Domains that may still link	Add domains that will not be forbidden from accessing this content.

5. When you finish entering the selections, scroll down to the bottom of the page and click the Configure This Directory button.

Within 10 minutes, this directory on your site is protected.

Once everything is configured, a new .htaccess and .htpasswd file appear in your website’s directory. The .htaccess file consists of the following code:

### Generated by Dreamhost. DO NOT modify!!! ###
AuthType Basic
AuthUserFile /home/exampleuser/websitehelp.support/public/.htpasswd
AuthName "Members Area"
require valid-user
################################################

The .htpasswd file only shows the encrypted password you chose for username1:

username1:$1$MVq7Nkc/$GTaN0dRkCsiXJpFNxYs8V.

When you visit your website in a browser, a pop-up authentication box appears that asks you to enter your credentials:

Only the users you added through the panel in the ‘User accounts for this area' field are able to access the site.

Sometimes you may need more control over how your directories are password protected, such as when you wish to assign group access instead of individual users. Or, you might already have an .htaccess file in a directory and you don't want the automatically-generated one to overwrite it. If so, you can manually create and edit the .htaccess file instead of using the panel.

View the .htaccess authentication article for further details on how to manually password protect a directory or file.