Create proper password for .htaccess log-in in “.htpasswd” file

Be careful when editing and saving an “.htaccess” file on your site: it is very fickle, and one small misspelling will throw a “Server 500 Error”, which is never pleasant. You may be apprehensive about going online and using an “.htaccess password generator”, so here’s a way to make your server secure without going on a website that records your IP address and the username and password unencrypted. That doesn’t sound very safe. There is a tool available on this site to do just that, and I can assure you we don’t record any input here, but that doesn’t mean someone else isn’t snooping during your session online.

So here’s a simple PHP snippet to generate the proper password. It is highly recommended that the “.htpasswd” file containing the username and password is stored OUTSIDE of your web root folder, in a folder above it, so that normal public visitors and crawlers have a much harder time finding and reaching the file.

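<?php
// Password to be hashed for a .htpasswd file
$straight_pwd = 'my password';

// Hash with bcrypt and a random salt (Apache 2.4 reads the resulting $2y$ hash).
// Do not derive the salt from the password: the hash is then the same every time,
// and crypt() falls back to DES, which ignores everything past 8 characters.
$password = password_hash($straight_pwd, PASSWORD_BCRYPT);

echo $password;

?>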
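
The snippet above prints only the hash, while the password file itself holds one `username:hash` line per user. The following is an added example, not the author's code, that builds that line with bcrypt and creates or updates the file; the function names `htpasswd_line` and `htpasswd_set` and the demo path are assumptions made for illustration.

```php
<?php
// Added example: create or update a "user:hash" entry in an Apache password file.
// Function names and the demo path are assumptions made for this illustration.

function htpasswd_line(string $user, string $plain): string
{
    // Apache splits each line at the first ':', so reject it (and line breaks) in names.
    if ($user === '' || strpbrk($user, ":\r\n") !== false) {
        throw new InvalidArgumentException('Invalid username');
    }
    // bcrypt with a random per-entry salt; Apache 2.4 verifies these $2y$ hashes.
    return $user . ':' . password_hash($plain, PASSWORD_BCRYPT);
}

function htpasswd_set(string $file, string $user, string $plain): void
{
    $entry = htpasswd_line($user, $plain);
    $lines = is_file($file) ? file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : [];
    $replaced = false;
    foreach ($lines as $i => $line) {
        if (strpos($line, $user . ':') === 0) {   // existing entry for this user
            $lines[$i] = $entry;
            $replaced = true;
        }
    }
    if (!$replaced) {
        $lines[] = $entry;
    }
    // Write a temp file, restrict its mode, then rename over the old file.
    $tmp = $file . '.tmp';
    file_put_contents($tmp, implode("\n", $lines) . "\n", LOCK_EX);
    chmod($tmp, 0640);
    rename($tmp, $file);
}

// Constructed demo: a temp directory stands in for a folder above the web root.
$file = sys_get_temp_dir() . '/demo-passwords-' . bin2hex(random_bytes(4));
htpasswd_set($file, 'alice', 'first passphrase');
htpasswd_set($file, 'bob', 'first passphrase');     // same password, different hash
htpasswd_set($file, 'alice', 'second passphrase');  // replaces alice's line

foreach (file($file, FILE_IGNORE_NEW_LINES) as $line) {
    [$user, $hash] = explode(':', $line, 2);
    $ok = password_verify($user === 'alice' ? 'second passphrase' : 'first passphrase', $hash);
    echo $user, ': ', $hash, ' verifies=', var_export($ok, true), PHP_EOL;
}
unlink($file);
```

Run it from the command line rather than through the web server, so the plain-text password never appears in a URL or an access log.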

Setting up any folder, or your entire site, with a log-in provides many benefits. One major benefit is that it locks down any development environment from outside snooping and search engine crawling. It also adds another level of security for sensitive areas of your website. Each folder can have a different log-in, or the log-in requirement can be removed, by customizing the .htaccess file wherever you need this unique security.


AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user

By the way, you don’t have to use the file name “.htpasswd”. As a matter of fact, you should use something that isn’t so common or obvious, to help obfuscate where you are actually hiding the passwords to begin with. Also, don’t forget to include the settings in your .htaccess file that prevent snoopers from viewing your .htaccess file, if this isn’t activated by default on your web host.

Usually in code the pipe, “|”, stands for “or”.

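# Deny access to all files ending with .htaccess, .custom-private or .config
# (Apache 2.2 syntax; on 2.4 without mod_access_compat use "Require all denied")
<FilesMatch "\.(htaccess|custom-private|config)$">
Order allow,deny
Deny from all
</FilesMatch>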

About Author:

Senior Cloud Software Engineer and 25+ years experienced video production, video editing and 3D animation services for a variety of global clients including local video production here in Jacksonville, Florida.
