Password Protecting Your mysite.du.edu Site

Password protection is currently available for personal websites only.

Modifying your SFTP settings to manage htaccess

  • Check your SFTP settings to ensure you can reach the files required to manage or set up password protected folders for your site.
  • Your host and path settings should be as follows:
    • Host or server: mysite.du.edu
    • Directory (Path): /mysite/[username]/
  • If you were using .htaccess for authentication prior to the mysite.du.edu migration, you should see your public_html folder as well as a ".webpass" folder when you view your remote files.

Maintaining your existing htaccess file

  • If you were using password protected folders prior to the mysite.du.edu migration, your password files have been moved with your mysite.du.edu website and should continue working.
  • Your .htpasswd file is located at:
    • /mysite/[username]/.webpass/.htpasswd
  • If you want to move your .htpasswd file out of the .webpass directory, reflect this location change in the .htpasswd path in your .htaccess file (or files). Its recommended that you keep your .htpasswd file above the public_html folder.
  • When adding users to your existing .htpasswd file, you must use either DES or MD5 encryption for your passwords. A useful tool for creating the contents of .htpasswd files can be found at http://www.htaccesstools.com/htpasswd-generator/

Setting up a new htaccess for basic authentication

  • Create a file called ".htaccess" inside the folder you want to protect. This is the entire name of the file including the extension. Use a text-only editor such as notepad to create this file. You can also use your web editor if it supports working in plain text mode.
  • If you want your entire site protected, create your .htaccess file inside public_html. If you want to limit access to a particular subdirectory of your site, create the .htaccess file in that folder.
  • An example of the contents of an .htaccess file:
    • AuthType Basic
    • AuthName "Password Required"
    • AuthUserFile /mysite/[username]/.htpasswd
    • Require valid-user
  • You'll also need to create a file called ".htpasswd" for the .htaccess file to check when someone attempt to access the protected directory. The .htpasswd file contains the names and encrypted passwords for the users you granted access to. This file should be placed in the directory above your public_html directory. Please note the "AuthUserFile" path to the .htpasswd:
    • AuthUserFile /mysite/[username]/.htpasswd
  • If you put the .htpasswd file in another folder in the same level as public_html, youll need to reflect this in the path within your .htaccess file, for example:
    • AuthUserFile /mysite/[username]/[foldername]/.htpasswd
  • Passwords within .htpasswd must be encrypted either using DES or MD5. A useful tool for creating the contents of .htpasswd file can be found at: http://www.htaccesstools.com/htpasswd-generator/