.htaccess provides a easy way of password protecting directories on your website, requiring users to enter a username and password in order to gain access. The process involves creating two files on your server – one for protecting the directory, and one for storing the usernames and passwords.
First, create a .htaccess file in the directory you want to protect. In the file, you need to enter the following:
AuthUserFile /path/to/.htpasswd AuthGroupFile /dev/null AuthName "Private Area" AuthType Basic require valid-user
Next, create the .htpasswd file on your server. This can be at a location not accessible via your site’s host name (e.g. outside of public_html or www folders) or within the directory you want to password protect.
In this file, you can enter the usernames / passwords allowed to access the protected directory, like so:
user1:$apr1$PdOCG6JI$L6nINuh8L2.A5CM6q0H9A/ user2:$apr1$XEvewxg7$dtPPm8vvhxwW5Zo9hudIY1
The above two lines translates into two users, user1 and user2. Each user should be on a separate line. The passwords are as follows: pass1 and pass2, respectively. You can generate your own username and password using this handy website. For the above two examples, I used the MD5 algorithm to encrypt the passwords.