Password protect a folder on your PHP site

Here are the final steps for how to get a password protected folder on your PHP site.
As it took me ages to get it working, I thought I”d document it here so you dont have to spend ages too!

1) Create a folder outside of the main public html visible web folder – this hosting had a folder called .htpasswrds, but you can easily create your own. It needs to be outside the main web site folder to prevent it being read. (Even though the passwords are encrypted, the accounts could potentially be hacked witha brute force attack)
2) Create a .htpasswrd file. Just a plain text file, like the .htaccess file
3) Create a name & password for your protected folder using the facility here
http://www.clockwatchers.com/htaccess_tool.html

4) Copy the line it creates for you and paste it in the .htpasswd file and save it
5) In the folder you want to password protect, create online pokies (or add) the folowing to your .htaccess file


AuthUserFile /home/pathtoyoursite/.htpasswds/.htpasswd
AuthGroupFile /dev/null
AuthName "Private Area"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>


This should be enough for you to get prompted for a password each time you access that folder.
Note:

• Private Area will be the title of your box – depending on your browser, so this can be changed to something more meaningful.
• You will get a 500 server misconfiguration message if the system can”t find you passwords file
• The “require valid-user” line will let in any user who is listed in the passwords file (you can have multiple users)
• Some hosts will lock your IP address out if you have too many incorrect login attempts (I found this out to my cost today. Cue lots of time spent re-booting my router to get different IP addresses!)

I hope this is helpful to some of you.