1000 FAQs, 500 tutorials and explanatory videos. Here, there are only solutions!
Password protect a site folder
This guide explains how to protect part of a site by making it mandatory to enter a password to consult a directory (subdirectories included) from a Web browser.
Please note that this does not prevent consultation of the file by an FTP user.
Password protect (Digest Authentication) a directory using our "Folder Protection" tool:
- open the Manager ( manager.infomaniak.com )
- go to Web Hosting
- click on the hosting/domain name concerned
- in the left side panel, click on Advanced tools and then on Folder protection
- click on the directory to be protected
- activate protection and define one or more users*
- click on the save button
* Users are defined per directory; the tool does not allow to manage groups of users.
Manual method via .htaccess
Password protect a folder using your site's .htaccess file:
1. Choice and encryption of the password
- connect to your hosting via FTP software or our FTP Manager
- in the folder to be protected, create a file called password.php and adapt the following content inside, replacing 12345 with the desired password (and start the file with a php opening tag):
$pass = "12345";
echo password_hash($pass, PASSWORD_DEFAULT); // Display the encrypted password
- open an Internet browser and display the password.php file (eg: domain.xyz/dossier_a_proteger/password.php)
- the Internet browser displays your encrypted password. Copy the encrypted password, we will need it in step 3
2. Create the .htaccess
In the folder to be protected, create a file called .htaccess and adapt the following content inside:
AuthName "Protected Admin Page"
AuthUserFile " /example/.htpasswd "
Replace /example/ with the absolute path of the folder to protect (read absolute path FAQ). Example:
3. Create the .htpasswd file
In the folder to be protected, create a file called htpasswd.txt and fit the following content inside:
login : encrypted_password
- Replace login with the desired login
- Replace encrypted_password with the encrypted password copied in step 1 of this guide
Once the htpasswd.txt file has been saved, rename it as follows: .htpasswd
Open an Internet browser and try to display one of the pages contained in the protected folder. If the guide has been followed correctly, the login and password (unencrypted) chosen allow access to the protected file