1000 FAQs, 500 tutorials and explanatory videos. Here, there are only solutions!
Secure Web Access with Password
This guide explains how to protect a part of a website on a Web Hosting by requiring a password before accessing a directory (including subdirectories) from a browser.
Simple Method
Protect a directory with a password (Digest authentication) using the "Directory Protection" tool:
- Log in to the Infomaniak Manager (manager.infomaniak.com) from a web browser like Brave or Firefox.
- Click on the icon in the top right corner of the interface (or navigate through the left side menu, for example).
- Choose Hosting (Web & Domain universe).
- Directly click on the name of the relevant item in the displayed table.
- Click on Advanced Tools in the left side menu.
- Click on Directory Protection in the left side menu.
- Click on the directory to protect.
- Enable protection and define one or more users*.
- Click on the Save button
* Users are defined by directory; the tool does not allow managing user groups.
Manual Method via .htaccess
Protect a directory with a password using the .htaccess file of your site:
1. Choose and encrypt the password
- Connect to your hosting via FTP software or the FTP Manager.
- In the directory to protect, create a file called password.php and adjust the following content inside by replacing 12345 with the desired password (and start the file with a php opening tag):
$pass = "12345";
echo password_hash($pass, PASSWORD_DEFAULT); // Displays the encrypted password
?> - Open a web browser and display the password.php file (e.g.,
domain.xyz/dossier_a_proteger/password.php
) - The web browser displays your encrypted password; copy the encrypted password, it will be needed in step 3
2. Create the .htaccess file
In the directory to protect, create a file called .htaccess and adjust the following content inside:
AuthName "Protected Administration Page"
AuthType Basic
AuthUserFile "/example/.htpasswd"
Require valid-user
Replace /example/ with the absolute path of the directory to protect (read this guide if necessary). For example:
AuthUserFile "/home/clients/0f83c7afb710e5ae2645a1b704d8772f/web/dossier_a_proteger/.htpasswd"
3. Create the .htpasswd file
In the directory to protect, create a file called htpasswd.txt and adjust the following content inside:
username:encrypted_password
- Replace username with the desired login
- Replace encrypted_password with the encrypted password copied in step 1 of this guide
Once the htpasswd.txt file is saved, rename it as follows: .htpasswd
4. Test
Open a web browser and try to display one of the pages contained in the protected directory. If the guide has been followed correctly, the chosen login and password (unencrypted) should allow access to the protected directory.
Additional restrictions can also be applied by .htaccess.