In some cases, you might want to protect your web files or folders with password. Especially if it contains your website login page.
By making it password protected, you will have another extra of security layer where you need to enter a valid username and password before you can enter the login page.
If you are using cPanel, it is very easy. In your cPanel, go to Directory Privacy and select which folders you want to password protect (ie: Administrator folder). Create username and password, and…done!
But it will protect the whole Administrator folder. How about if you want to protect one single file only? Like admin.php?
For an example, you want to protect the admin.php file in this path.
/home/mycpanelusername/public_html/administrator/admin.php
Step 1
You need to create a .htpasswd file and place it outside from public_html folder. Why?
Because anything under public_html is accessible by other people. So to be safe, you can put the .htpasswd at this path.
/home/mycpanelusername/htpasswd/.htpasswd
Step 2
Next, you need to create username and password. To do that, you can use Htpasswd Generator to generate one for you.
The username-password generated might look like this.
pentadbir:$apr1$QAOFJwiy$QjLUKs.6PKTfZfY6T4jtp.
Where the ‘pentadbir’ is the username and the characters after the ‘:’ is the encrypted password. In this example, the password is ‘pentadbir’.
Copy-paste this username-password into your .htpasswd that you have created earlier.
So now you already have .htpasswd ready. Next, to protect your admin.php file, you need to create .htaccess file.
Step 3
To do that, create .htaccess file in the folder that contains the file you want to protect.
/home/mycpanelusername/public_html/administrator/.htaccess
In this .htaccess file, copy-paste the text below.
<FilesMatch "admin.php">
AuthName "Member Only"
AuthType Basic
AuthUserFile /home/mycpanelusername/htpasswd/.htpasswd
require valid-user
</FilesMatch>
AuthUserFile is the path where you put .htpasswd file that contains the username and encrypted password.
Step 4
Done! There is no Step 4 actually. But to test if your admin.php password is working, you can go to the URL.
www.mywebsite.com/administrator/admin.php
You will be prompted with login. Just enter username and password with ‘pentadbir’, and you can access the admin.php page.
Leave a Reply