How to password protect a directory on your website

How to password protect a directory on your website

Create the password file

Firstly, you have to create the file which will contain the list of usernames and passwords which are allowed to access the site. Usually, you create a .htpasswd file for this which will then be used by the .htaccess file. It is a simple text file, which contains usernames and their encrypted passwords.

If you have any questions about how to encrypt passwords in a .htpasswd file, please contact our community of users or the OVHcloud partners.

In Windows, you cannot directly create a file named .htaccess or .htpasswd. You must give it another name, transfer it to your web space and then rename it .htaccess or .htpasswd using your FTP client.

The .htpasswd should not necessarily be in the same location as the .htaccess file. For example, you could place it in the webroot, and use it to protect different website directories, given that a single .htpasswd file can be used by several .htaccess files. The .htpasswd file must contain one line per user specifying the username and password.

These lines are as follows:


Example for username: "Admin" and password: "ovh1234" this will give the following: Admin:gl0IiOirI2n6M

Once the .htpasswd password has been created, you just have to place it where you have chosen, and go to the next step: creating .htaccess files.

Remember to add a carriage return after the encrypted password.

Create the .htaccess file

To block access to an entire directory, create a .htaccess text file as follows and place it in to the directory you want to password protect.

IMPORTANT, In the following example, you have to replace your_ftp_username with your FTP username, you will find this in your control panel.

AuthUserFile /home/your_ftp_username/www/.htpasswd
AuthGroupFile /dev/null
AuthName "Restricted access"
AuthType Basic
require valid-user

In the example above, your .htpasswd file is located in the /www folder on your web server.

For previous products

For the Start and 1000GP solutions, the path you need to place in the authuserfile is different. You will have got it in the activation email. If not, or if you have lost this email, you can use the following PHP script:

echo realpath("path.php");

Block access to one or more specific files

To block access to one or more specific files, you just have to add the tags (one FILES tag per file):

<Files test.php>

AuthUserFile /home/your_ftp_login/www/.htpasswd
AuthGroupFile /dev/null
AuthName "Restricted access"
AuthType basic
require valid-user


Go further

Join our community of users on

Did you find this guide useful?

Please feel free to give any suggestions in order to improve this documentation.

Whether your feedback is about images, content, or structure, please share it, so that we can improve it together.

Your support requests will not be processed via this form. To do this, please use the "Create a ticket" form.

Thank you. Your feedback has been received.

These guides might also interest you...

OVHcloud Community

Access your community space. Ask questions, search for information, post content, and interact with other OVHcloud Community members.

Discuss with the OVHcloud community