The Apache web server gives you the ability to password protect certain pages on your website (like an admin area for example). Heres a quick guide to setting up a password protected directory on your site.

Note: Setting up password protection for webpages requires some Unix command line activity, you'll find a good Unix command line reference document at About.com

Getting started

First of all you will need to create a file called .htaccess in the directory to be protected. The file is a simple text file which can be created in any text editor and needs to consists of four lines:

AuthName realm nameAuthType BasicAuthUserFile path-namerequire user user-nameThe AuthName specifies a "realm name", this will appear in the box prompt which requires the user to give their username/password. In the case of our admin pages "Site Administration" is a good example.

The AuthType line should be entered exactly as shown above.

The AuthUserFile should be the full Unix path to the file containing the encrypted password (we will look at this in next section). This is usually in the same directory as the .htaccess file and is normally named .htpasswd. It might be useful to come back to this and fill it once you've created your password file. You can check the location of the password file is using the Unix command pwd while in the directory to be protected.
The require line specifies the name of the user that will have access to the protected area. This should be surrounded by double quotes.

So heres an example of our .htaccess file at the moment:
AuthUserFile /my/path/to/password/file
AuthName "Site Administration"
AuthType Basic
require user "admin"
Setting the password

Once you've created the .htaccess file you will need to create a password file and ensure that the user has the correct access rights.

Working in the directory to be protected execute the following Unix command
htpasswd -c .htpasswd user-nameIn this command the '.htpasswd' is the name of the password file so you can call it what you want, however I like to stick to .htpasswd to be consistent. If you do change the password file name be sure to update your .htaccess file's AuthUserFile path with the correct password name.

When you execute the command you will be prompted for the actual password twice. The user-name is the user name as specified in the require user line of the .htaccess file.

If you want to change a password you have already set, use htpasswd as above but omit the -c command line option.

Finally you need change the file permissions for both the .htaccess and .htpasswd files so that the web server can read them. To do this issue the Unix command:
chmod go+r .htaccess .htpasswdThats it!

You should now be prompted to login once you try to access your protected domain.