Password-protecting directories

The following describes how to enforce authentication/password protection using an .htaccess file on a domain or subdirectory. There are two ways to create the .htaccess file:

  • Through the panel
  • Manually creating an .htaccess file

This guide covers both options.

Creating an .htaccess file in your panel

The following procedure overwrites any .htaccess file you may already have. Be sure to backup your existing .htaccess file before beginning the steps on this page.

  1. Navigate to the (Panel > ‘Goodies’ > ‘Htaccess/WebDAV’) page.
    A list of your domains appear on the Htaccess/WebDAV page. Domains must be fully-hosted in order to display here:
    01 Password Protecting Directories.fw.png
  2. Click the domain you wish to password protect.
  3. Click the Set Up a New Directory button.
    The WebDAV configuration page appears:
    02 Password Protecting Directories.fw.png
  4. Make your selections based on the information described in the following table.
    Field
    Field Name
    Action and Description
    1callout.png
    Directory name
    Enter the directory you'd like to protect (leave it blank to protect the entire domain.)
    NOTE: If you wish to password protect a subdirectory, you must first create it in your FTP account.
    2callout.png
    Password-protect this dir?
    Check this box.
    3callout.png
    Enable WebDAV on this dir?
    You can leave this unchecked if you don’t need to use WebDAV on this domain.
    4callout.png
    Directory “name”
    Enter the name you'd like to call this area (this appears in the pop-up window asking for your password).
    5callout.png
    User accounts for this area
    Enter a username and password that is allowed access to the password-protected domain/directory. Each line consists of a single username password in the format 'username password'. In the screenshot above, ‘username1’ uses the password ‘password1’.
  5. When you finish entering the selections, scroll down to the bottom of the page and click the Configure This Directory button.

Within 10 minutes, this directory on your site is protected.

Testing the .htaccess file

Once everything is configured, a new .htaccess and .htpasswd file appear in your website’s directory. The .htaccess file consists of the following code:

### Generated by Dreamhost. DO NOT modify!!! ###
AuthType Basic
AuthUserFile /home/exampleuser/websitehelp.support/public/.htpasswd
AuthName "Members Area"
require valid-user
################################################

The .htpasswd file only shows the encrypted password you chose for username1:

username1:$1$MVq7Nkc/$GTaN0dRkCsiXJpFNxYs8V.
When you visit your website in a browser, a popup authentication box appears that asks you to enter your credentials:
03 Password Protecting Directories.fw.png

Only the users you added through the panel in the ‘User accounts for this area' field are able to access the site.

Manually protecting a directory

Sometimes you may need more control over how your directories are password protected, such as when you wish to assign group access instead of individual users. Or, you might already have an .htaccess file in a directory and you don't want the automatically-generated one to overwrite it. If so, you can manually create and edit the .htaccess file instead of using the panel.

Creating and editing an .htaccess and .htpasswd files

View the .htaccess authentication article for further details on how to manually password protect a directory or file.

See also

Internal links

External links