Cantech Knowledge Base

Your Go-To Hosting Resource

  1. cPanel
  2. Steps to Enable Password Protection for .htaccess?

Steps to Enable Password Protection for .htaccess?

Introduction

.htaccess is a simple configuration file that controls how Apache handles requests on your website. One of its powerful uses is to lock folders with a password so that only an authorised person can access them.

You just need two files to make it work. One file stores login details, and the other file controls access.

Remember that both files are hidden by default on the server. To view them, use an FTP tool like FileZilla and enable the option to show hidden files. Also, make sure you save files as “All Files” type in Notepad or any editor. Do not keep the .txt extension. If the login box keeps repeating, that means the entered username or password is incorrect.

Let’s go through the steps one by one –

Steps to Set Password Protection with .htaccess

So, as mentioned, you will need two hidden files: .htpasswd and .htaccess. Both will work together to protect your folder.

  • Open Notepad or any text editor. Type your username and password. Save the file with the name .htpasswd. Do not keep .txt at the end. Use an online tool or command to encrypt the password. That will make it more secure.
  • Go to any password generator link. Enter the username and password. It will create a new encrypted line every time.
  • Copy the same and paste it inside the .htpasswd file.
  • Now open a new text file. Add the code given below. Save it as .htaccess without the .txt extension. Make sure the file path of .htpasswd is written correctly. If the path is wrong, the protection will not work.
AuthUserFile /home/user/domain/secretfolder/.htpasswd  
AuthType Basic  
AuthName "Login Details"  
Require valid-user

You can also replace “Login Details” with any custom message. That text will show up in the login window.

  • Upload both .htaccess and .htpasswd inside the folder that you want to secure. Now, anyone who tries to open that folder will see a popup asking for login. You need the right username and password or the folder will stay locked.

Conclusion

You have now set up password protection using .htaccess. This method adds a strong layer of security to your web folders.

FAQs

What is the purpose of .htaccess password protection?

It helps secure folders on your server by asking for a username and password before access. Only users with valid details can open the files.

Where should I upload the .htpasswd file?

It should be saved outside the public folder or in a protected location. The .htaccess file must point to its exact path for the lock to work.

What should I do if the login keeps popping up?

That usually means the username or password is incorrect. Check the .htpasswd file again and confirm the encrypted password matches your login.

January 12, 2026