1000 FAQs, 500 tutorials and explanatory videos. Here, there are only solutions!
Protect a site folder with a password
This guide explains how to protect a part of a site by making it mandatory to enter a password to consult a directory (including sub-directories) from a Web browser.
Please note that this does not prevent the folder from being consulted by an FTP user.
Password protect (Digest authentication) a folder using our "Folder Protection" tool:
- open the Manager( manager.infomaniak.com)
- go to Web Hosting
- click on the hosting/domain name concerned
- in the left panel, click onAdvanced tools then onFolder protection
- click on the directory to be protected
- enable protection and specify one or more users*
- click on Save
* Users are defined by directory; the tool does not allow user group management
Manual method via .htaccess
This guide explains how to password-protect a folder by using your site's .htaccess file.
1. Get the full pathway of the directory to be protected
2. Password selection and encryption
- In the folder to be protected, create a file called password.php and adapt the following content inside it
- en remplaçant LePassword par le mot de passe désiré (et débutez le fichier avec une balise d'ouverture php):
$pass = "LePassword";
echo password_hash($pass, PASSWORD_DEFAULT); // Affiche le mot de passe crypté
- open a web browser and display the password.php file (e.g.:your-domain.com/folder_to_protect/password.php)
- the web browser displays your encrypted password. Copy this encrypted password, we will need it in step 4
3. Create the .htaccess
In the folder to be protected, create a file called .htaccess and adapt the following content inside it:
AuthName "Protected administration page"
Replace /example/with the full path copied in step 1 of this guide, but without path.php at the end. Correct example:
4. Create the .htpasswd file
In the folder to be protected, create a file called htpasswd.txt and adapt the following content inside it:
- Replace login with the desired login
- Replace encrypted_password with the encrypted password you copied in step 2 of this guide
Once the htpasswd.txt file is saved, rename it as follows: .htpasswd
Open a web browser and try to display one of the pages contained in the protected folder. If the guide has been followed correctly, the login and password (not encrypted) selected will give access to the protected folder.