The other day we spoke about robots.txt and we how you can use them to block bots from selected folders. Today, we wanted to explain how to set up your .htaccess file to also block humans from selected folders.

First off, let’s talk .htaccess (hypertext access) and what it is. The .htaccess is mostly commonly found on Apache(Unix/Linux) servers, and is the default name for the directory-level configuration file. How to use it? A .htaccess file is placed in a whichever directory (folder) you wish, and the directives in the .htaccess file apply to that directory (or folder), and all the subdirectories therein. The .htaccess is also easy to modify allowing you to customize configuration for requests to any particular directory where it is located. And in case you wondered why the file name starts with a dot, it’s because dot-files are by convention hidden files on Unix-like operating systems. If you’re interested to learn more about it, read.htaccess basics. Now that you have a general understanding about .htaccess, we can now move onto the wonderful world of the .htpasswd file and how we set it up.

The .htpasswd file will allow you to create a login prompt to any page you wish to protect. Below is an example of the kind of box someone will see when trying to access your private files.

So how do you set this up? The first step is to add the following lines to your .htaccess file. To that? Open notepad and use the below example. The items in bold are things you will want to change depending on the location of the AuthUserFile and content of AuthName.

AuthUserFile /path/to/.htpasswd
AuthGroupFile /dev/null
AuthName "Members Only Area"
AuthType Basic
<Limit GET>
require valid-user
</Limit> 

The AuthName is what the user will see when they’re prompted for a password – something to the effect of “Enter the username for Members Area Only. The AuthUserFile is location of the password file and should be the full unix path. If you don’t know it, your web host should be able to help you. Once done making the changes you wish, “save as” file .htaccess and load to the directory you wish to protect.

Now you’ll have to set up the password file, so users can login to the “members area”. You can use this handy .htpasswd generator. Just save the created document into a file called .htpasswd. For security, you should not upload the htpasswd file to a directory that is web accessible (yoursite.com/.htpasswd), it should be placed  above  your www root directory where you specified in your .htaccess file.

If you’re on a windows server, have no fear. You too can use .htaccess and .htpasswd files. Just check out this handy .htaccess tool to create the files you need for windows.

Should you require help with creating these files, please don’t hesitate to contact Mark8t E-Marketing Solutions today.