Password-Protect Folders in Seconds
videos

Password-Protect Folders in Seconds

on Jul 31st 2012 with 39 comments
Tutorial Details
  • Topics: Apache
  • Difficulty: N/A
  • Length: 10:30
Download Source Files

In this lesson, I’ll demonstrate how easy it is to password protect folders with Apache. There will often be situations when you don’t need to build a full authentication system from scratch.

Choose 720p for optimal viewing.

 
Enjoyed this Post?

Subscribe to our RSS Feed, Follow us on Twitter or simply recommend us to friends and colleagues!

By

Rollover to read this author's bio or click through to see a full list of posts by this author.

I'm the editor of Nettuts+, and love making the process of building for the web as easy as possible. Also, I'm finishing up my latest book on Laravel Testing! If you want be friends, say hi on Twitter.  

Plus Premium
 
 
Note: Want to add some source code? Type <pre><code> before it and </code></pre> after it. Find out more
  • alireza

    thankd jeffrey for all.

  • First-developer

    Nice tip. Thanks Jeff ;-)

  • http://www.basiscode.de Dirk

    Nice and easy tutorial. Learned some things like the possibilbity to create the passwordfile with apache. Thanks. Btw: Which tool do you use as terminal? I like the “tree”-command :-)

    • http://baylorrae.com Baylor Rae’

      It’s available in HomeBrew as a formula.

      brew install tree

      • http://www.jeffrey-way.com Jeffrey Way
        Author

        Yep

  • http://community-auth.com/ Brian Temecula

    It’s probably worth noting some of the cons of this approach to authenticating a user, even when the need is basic. Although you did talk a little about the location of the .htpasswd file, you wouldn’t want to give somebody the false impression that that is the only security risk, and that by placing the file above root they are golden.

    • http://www.jeffrey-way.com Jeffrey Way
      Author

      True – good point. We can all list some of the potential downsides in the comments.

  • http://www.thekoder.com/ Nadav

    The tutorial itself is good, but I don’t understand why people use this method for authenticating users. This method is pretty old, and I guess there are tons of ways to crack it.

    The only advantage of htpasswd, as I see it, is that it provides fast (“Password-Protect Folders in Seconds”) and simple way of securing your project during development. People who will use this feature for production use are stupid, in my opinion.

    The only place I see this feature is inside my home-router.

    • http://www.jeffrey-way.com Jeffrey Way
      Author

      It’s not meant for authenticating regular users. It’s for those situations when an application doesn’t warrant a membership system, built from scratch. If you only need a single protected folder, maybe for a makeshift blog or something. Or maybe you have a wiki that you only want to give folks in your company access to. In these cases, keep it simple.

  • Tim

    Jeffrey, nicely explained tut! I’ve experimented with this method before, but I reached a stumbling block and went an alternative route. Basically I wanted a password protected folder that once accessed presented the Apache index listing of the files it contains. Unfortunately it would only allow me to either password protect the directory OR view the index, but not both at the same time. Any ideas why this wouldn’t work?

  • http://imleonardo.com Leonardo

    Sorry for the stupid question but how do I connect to the server (apache)?

    • http://www.jeffrey-way.com Jeffrey Way
      Author

      No stupid questions. :) Do you have installed Apache installed on your system? Or, are you using Mac or PC?

      • http://imleonardo.com Leonardo

        Well I have hired a linux server from a hosting site and I sure that run apache but I don’t know anything else about it

      • Rashidul

        appreciate the comment :) I’m fall in love with u man!

  • Richy

    I cannot even download the source :( Using Win 7 and latest Chrome

    This XML file does not appear to have any style information associated with it. The document tree is shown below.

    AccessDenied
    Access Denied
    9AACA08C0AEE34A9

    GyGn6fhRzWir1geU/nuR0JtaY2f4/T7XVIBiXk4MkSyRc6/FKWEk1LhSKFoGDoj6

    • http://www.jeffrey-way.com Jeffrey Way
      Author

      Fixed! Sorry about that.

  • samir

    thank you jeffrey way allways making usefull tutorial. we missed you here in your own homeSite
    can you make us a tutorial about MVC explaining just the basic idea of it
    thank you very mutch

  • http://codeforest.net Codeforest

    Nice tip, Jeffrey.

    As more and more sites are switching to nGinx web server, it would be nice to make one for that server, too.

  • http://www.stefanneubig.com Stefan

    I wouldn’t to it with the webserver. Its much easier to do exactly the same with your scripting language:

    For PHP have a look here:
    http://php.net/manual/en/features.http-auth.php

    This way it doesn’t matter if you user Apache or Nginx or whatever.

  • http://dice.wordpress.com kanuj bhatnagar

    I had to hide a certain development folder from the client/public view, so I opted for this method. The thing is, that in shared hosting environments, you may need to provide the relative path of the .htpasswd file to htaccess. I spent hours trying to figure out why the htaccess file wouldn’t work. To get around this, I simply did a

    echo getcwd();

    and that printed out the relative path to the htpasswd file. I put that into the htaccess, and it worked.

  • ChrisB

    Thanks Jeff! Just had to do this two weeks ago – this tut would have helped greatly.

  • Fily

    Wow, I really enjoy your tutorials, you used to do a lot more than now days. Thanks a lot!

    Please don’t let Nettuts to be the new Lynda.com for PHP.

    • http://www.jeffrey-way.com Jeffrey Way
      Author

      What do you mean by that?

  • Fily

    Sorry Jeff but I feel like PHP has been the main topic in NetTuts lately. I hope you don’t get offended by that I really love Nettuts.

    I really enjoy everything you do!

    • http://www.jeffrey-way.com Jeffrey Way
      Author

      It’s always been the core language on the site.

  • Fily

    Previous post is mine, avatar didn’t show up.

  • Fily

    Hmm, my previous post doesn’t show any more!

    Jeff, what I meant to say is that I have seen more tutorials about PHP than anything lately. I do understand that its hard to please every one but I just feel like you have been focused more on PHP. I hope you don’t get offended by my silly post. I really enjoy your tutorials and Nettus in general.

    I’m a BIG fan of your work, again don’t get this in the wrong way. I have learned a lot from you.

    • begs

      I don’t agree to that.
      Nettuts’ main language is PHP. But nettuts doesn’t focus it’s tutorials on PHP.

      Over the last months nettuts released so much tutorials without even mentioning PHP in them (Ruby, Javascript, Git, WordPress, CSS…)
      And i do like this mix very much.

      Some techniques like TDD, DDD or Design Patterns are explained using PHP, but easily to be recreated in other languages.

      Rock on exactly like that nettuts!

  • http://praveenpuglia.wordpress.com pravs

    hey jeff! i used this method and it worked well for the first time around just the natural way..after that its not even prompting me for username and password. i made no changes to the file locations or to the file itself..dunno what went wrong :(

    • http://www.jeffrey-way.com Jeffrey Way
      Author

      Yeah – it keeps you logged in. If you want to easily test it again, just change the username in your .htpasswd file.

  • http://www.unlockhtc.co/ Sudheer Ranga

    I used eleve2 hosting and they use lightspeed webserver instead of apache. Does this work the same on lightspeed server too?

  • http://www.lulurbali.net Mamay

    Thanks Jeff, nice info

  • http://www.agenciatriskel.com.br Triskel

    Another great tutorial! Congratulations.

  • http://coder-design.com/ coderdesign

    Great tutorial. Thanks for sharing.

  • http://webaloy.net/ Mirza Md. Hasan

    Thanks Jeff, nice post. Can you tell me how can I set up a video like this in my blog? It’s developed with wordpress.

  • Chris M.

    Thanks for the great post. I’ve inherited a community website with .htaccess pword users EVERYWHERE. I would like to move away from that sooner than later. BUT In the meantime this comman-line alternative would be much quicker than logging into cpanel to give permissions (slow, slow). I did notice that when I added a user to to the .htaccess it deleted the previous user (I’m guessing it’s overwriting the .htaccess file). Can I just add the user or append the .htaccess. Any tips would be greatly appreciated. Otherwise I will be forced to not be lazy and go read more man pages.

  • http://mulatahosting.com/ Andrés

    Thanks for the tutorial, very useful

  • http://www.facebook.com/abbyabhishek Abhishek Prakash

    Hi Jeff.

    I am not able to configure my apache.

    I am using Ubuntu 12.04. When i first opened my httpd.conf file, it was empty. So i added

    #setup your root dir

    AllowOverride All
    Order allow,deny
    Deny from all

    and restarted the apache. But its not working.
    Can you tell me the workaround for this?

  • http://www.facebook.com/profile.php?id=1316350592 Kenny Landes

    Honestly, you just talk too damn fast. Maybe a little less coffee?