Protect a site folder with a password

This guide explains how to protect a part of a site by making it mandatory to enter a password to consult a directory (including sub-directories) from a Web browser.

Please note that this does not prevent the folder from being consulted by an FTP user.

Simple method

Password protect (Digest authentication) a folder using our "Folder Protection" tool:

1. open the Manager( manager.infomaniak.com)
2. go to Web Hosting
3. click on the hosting/domain name concerned
4. in the left panel, click onAdvanced tools then onFolder protection
5. click on the directory to be protected
6. enable protection and specify one or more users*
7. click on Save

* Users are defined by directory; the tool does not allow user group management

Manual method via .htaccess

This guide explains how to password-protect a folder by using your site's .htaccess file.

1. Get the full pathway of the directory to be protected

1. log in to your hosting using an FTP program or our FTP Manager
2. read FAQ chemin absolu

2. Password selection and encryption

1. In the folder to be protected, create a file called password.php and adapt the following content inside it
2. en remplaçant LePassword par le mot de passe désiré (et débutez le fichier avec une balise d'ouverture php):
   $pass = "LePassword";
   echo password_hash($pass, PASSWORD_DEFAULT); // Affiche le mot de passe crypté
   ?>
3. open a web browser and display the password.php file (e.g.:your-domain.com/folder_to_protect/password.php)
4. the web browser displays your encrypted password. Copy this encrypted password, we will need it in step 4

3. Create the .htaccess

In the folder to be protected, create a file called .htaccess and adapt the following content inside it:

AuthName "Protected administration page"
AuthType Basic
AuthUserFile "/example/.htpasswd"
Require valid-user

Replace /example/with the full path copied in step 1 of this guide, but without path.php at the end. Correct example:

AuthUserFile "/home/clients/0f83c7afb710e5ae2645a1b704d8772f/web/folder_to_protect/.htpasswd"

4. Create the .htpasswd file

In the folder to be protected, create a file called htpasswd.txt and adapt the following content inside it:

login:encrypted_password

• Replace login with the desired login
• Replace encrypted_password with the encrypted password you copied in step 2 of this guide

Once the htpasswd.txt file is saved, rename it as follows: .htpasswd

5. Test

Open a web browser and try to display one of the pages contained in the protected folder. If the guide has been followed correctly, the login and password (not encrypted) selected will give access to the protected folder.