webmaster tutorials and internet facts

Protect files and folders with htaccess

Hi, most hosting companies do not allow access to their Apache configuration files, usually for security reasons. The .htaccess file provides an advanced way to configure a hosted server, and there are many ways to configure .htaccess manually to get the right level of security and functionality for our website.

The .htaccess file is a file that consists of an extension only and can be created with a text editor. It is easily created with the Linux vi or gedit text editors, in any directory on the host: create the file and name it .htaccess. Microsoft Windows editors don't recognize this kind of file, and you will be nervous when creating a .htaccess file with Windows, so my suggestion is to do that on Linux/Unix/Sun/macOS operating systems. It's a big shame for Bill Gates not to support .htaccess and extension files, and glurt hates Microsoft for that.

The .htaccess file allows password protection of files and folders; the username and the encrypted password are stored in a file called .htpasswd.

First of all we will create our .htpasswd file. The password stored in the .htpasswd file should be encrypted.

For example we will use username : glurt and the password : 1234567

To encrypt the .htpasswd password we will use the simple PHP function crypt(); if you don't use PHP, you can encrypt the password online using an encryption tool.

The PHP code to encrypt the .htpasswd password is a cool, simple solution:

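<?php
// Password to be encrypted for a .htpasswd file
$clearTextPassword = 'some password';

// Random two-character salt; never derive the salt from the password itself
$saltChars = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
$salt = $saltChars[random_int(0, 63)] . $saltChars[random_int(0, 63)];

// Encrypt password (traditional DES crypt: only the first 8 characters count)
$password = crypt($clearTextPassword, $salt);

// Print encrypted password
echo $password;
?>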

Once we have encrypted our password, in our case it was 1234567, edit your .htpasswd file and insert the following line:

glurt:69Bh19jYR.a8A

Save the .htpasswd file. That's it, our password is encrypted and stored for user glurt.

To protect any file on your server, create or edit the .htaccess file and add the lines below to it:

<Files private.php>
AuthType Basic
AuthName "Restricted"
AuthUserFile /path/to/.htpasswd
Require valid-user
</Files>

In the AuthUserFile line, /path/to/.htpasswd is the path to your .htpasswd file.

Another idea is to use PHP to save registrants' usernames and passwords without using MySQL, only with the .htpasswd file. But this method will slow down your server a little bit, because the storing process needs the fopen and fwrite functions, which slow script load times. Anyway, .htpasswd provides high-level file or directory protection.
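One way to store a registrant in .htpasswd from PHP, as an added example that is not part of the original post. The function name htpasswd_set_user() and the demo path are hypothetical, and the bcrypt hash format assumes Apache 2.4 and PHP 7 or later; the username check and the file lock keep one sign-up from forging or corrupting another user's entry.

```php
<?php
// Added example: create or update one user in a .htpasswd file.
// htpasswd_set_user() and the demo path are hypothetical names.
function htpasswd_set_user(string $file, string $user, string $password): void
{
    // A ':' or line break in the name would let a registrant forge
    // extra entries, so accept only a conservative character set.
    if (!preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $user)) {
        throw new InvalidArgumentException('invalid username');
    }
    // bcrypt ignores input past 72 bytes; refuse instead of truncating.
    if ($password === '' || strlen($password) > 72) {
        throw new InvalidArgumentException('invalid password length');
    }
    // "$2y$..." bcrypt hash with its own random salt.
    $hash = password_hash($password, PASSWORD_BCRYPT);

    // 'c+' opens read/write and creates the file without truncating it.
    $fh = fopen($file, 'c+');
    if ($fh === false) {
        throw new RuntimeException("cannot open $file");
    }
    try {
        // Exclusive lock so two simultaneous sign-ups cannot interleave.
        if (!flock($fh, LOCK_EX)) {
            throw new RuntimeException("cannot lock $file");
        }
        $lines = [];
        while (($line = fgets($fh)) !== false) {
            $line = rtrim($line, "\r\n");
            // Keep every entry except an older one for the same user.
            if ($line !== '' && strpos($line, $user . ':') !== 0) {
                $lines[] = $line;
            }
        }
        $lines[] = $user . ':' . $hash;
        rewind($fh);
        ftruncate($fh, 0);
        fwrite($fh, implode("\n", $lines) . "\n");
        fflush($fh);
        flock($fh, LOCK_UN);
    } finally {
        fclose($fh);
    }
}

$demo = sys_get_temp_dir() . '/demo.htpasswd'; // constructed demo path
htpasswd_set_user($demo, 'glurt', 'correct horse battery staple');
echo file_get_contents($demo);
```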

What happens when we want to protect more files with .htaccess and .htpasswd? We will use the FilesMatch directive for this:

<FilesMatch "(private|protected|secure|index)">
AuthType Basic
AuthName "Restricted"
AuthUserFile /home/path/.htpasswd
Require valid-user
</FilesMatch>

If you know the PHP programming language, FilesMatch is close to the preg_match function: file names that contain the text private, protected, secure or index will be password protected, and the password will be the same.

Now it's a good idea to protect folders with a password:

AuthType Basic
AuthName "Protected"
AuthUserFile /home/path/.htpasswd
AuthGroupFile /path/to/protected
Require valid-user

Well, when you are visiting your password-protected file or folder you will be asked for the password again and again, so it's a good idea to allow your own IP to visit the files and folders without it; with Satisfy Any, everyone else still has to log in. And here is the code; change 127.0.0.1 (the home sweet home IP) to your IP address.

AuthType Basic
AuthName "Sorry, Restricted Area!"
AuthUserFile /home/path/.htpasswd
Require valid-user
# Deny every host first, otherwise Satisfy Any lets all visitors in without a password
Order deny,allow
Deny from all
Allow from 127.0.0.1
Satisfy Any

Good luck coding.


Post Metadata

Date
July 6th, 2009

Author
glurt

