File path, .htpasswd file and directory privacy

i want to know the file path address

how do I do that

The path in the browser, or the path on the server?


of the server, i want to make a .htpasswd file so I want to know the file path address to tell where it is stored

The root folder is the /htdocs folder


but how to know the exact destination
like in windows we can get it from the top bar

If you want the .htpasswd file to affect your entire website, you put it in the htdocs folder. That is the full path, just /htdocs


so writing this is correct (in .htaccess)

Where is your htaccess file stored? It should not be stored outside of the root folder, so that would not be correct.

If you don’t know how to set it up, you should let the system do it for you. In the control panel, there is an option called “Directory Privacy”, I think that is what you are looking for.


it is stored in a file in htdocs
not outside root folder

So then why does your file path include the root folder?

should it be like this?

No, you are still including the root folder

Try “/.htpasswd” or “.htpasswd”


see this is the home page(this .htaccess is not created by me, its by IF)

now inside htdocs is .htpasswd

and inside ‘site’ folder is mine .htaccess file

so I should write /htdocs/.htpasswd or just .htpasswd?

I don’t see any .htpasswd files. You can’t connect to a file that does not exist.

Why don’t you just use the “Directory Privacy” feature in the control panel?


though .htpasswd file is there

but ‘directory privacy’ did my work
thanks @Greenreader9

1 Like

but there is a probem with it, it just asks the username and pass once, I want that every time a person open that site it should enter the credentials

Yes, because once you enter the username and password it saves a cookie to your computer telling it that you already logged in. New users don’t have that cookie, so they have to login.

Also, securing a website with htaccess is a bad idea, since a brute force attack is really easy.


so whats the best way to secure it?

I don’t know if this is the best way, but how about securing the folder so that you need a username and password to go to it?

@akshayan, that is what the OP is trying to accomplish.

I have used AuthUserFiles before, so I’ll try to provide some guidance.
By far, the easiest way to set it up is via vPanel “Directory Privacy” feature.
However, if you don’t want to use that tool, I recommend generating your own .htpasswd file:

  1. Go to this .htpasswd generator and select Bcrypt from the selections at the bottom. Type in your username and password and click “generate”
  2. Copy the output to a new/blank file named .htpasswd
  3. Save/close .htpasswd, open your .htaccess. Type this:
ErrorDocument 401 "You are unauthorized to view this resource!"
ErrorDocument 403 "You do not have access to view this resource!"
RewriteEngine On
RewriteRule .htpasswd - [F]
AuthType Basic
AuthName "Please authenticate to view this resource"
AuthUserFile .htpasswd
Require valid-user