Protecting htdocs with password

How do I protect all the files inside htdocs with directory privacy?
I have all of my images and one html file all inside the htdocs folder, without any subfolders. How can I add password protection using the directory privacy option in InfinityFree?

Hello there,

You can try doing it with htaccess and htpasswd:

It still doesn’t work, even after following their directions.
I do not have any subfolders in htdocs.
This is my htaccess file:
AuthType Basic
AuthName “Please enter username and password:”
AuthUserFile /home/vol9_5/
Require valid-user
I made my .htpasswd file as specified by the htpasswd generator.
Please help.

That’s probably because you did not properly followed the instructions.

This is what your .htaccess file should look like:

<FilesMatch "filesyouwanttoportect.txt">
AuthName "Authentication Required"
AuthType Basic
AuthUserFile /home/vol9_5/
require valid-user

The AuthUserFile depends on where your .htpasswd is located, you can create one if you don’t have one already.

And for your .htpasswd file should look like this:


Which you can generate one using this tool:

By the way what’s your problem with the “Directory Privacy” feature in the Control Panel again?

Thank you for the prompt response and your patience.
I have a couple of queries:

  • Could you please explain the ‘FilesMatch’ tag? Is it necessary?
  • Do I write the name of the file (eg. index.html) next to the FilesMatch tag, or do I create a list of the file names in a .txt file and write the name of the .txt file there?
  • Does using a different mode (I used SHA1 in the htpasswd file) affect whether the htpasswd file works or not?

Regarding the directory privacy option, I have no issue per se, but I simply don’t understand how to protect single files. I even tried putting all the files inside a folder inside htdocs (htdocs>my folder> all my files) and then using directory privacy, but it still doesn’t work.

Yep absolutely if you want to protect a singe file or multiple files for example any matching files with the name “mysite.html” will be protected if you specify the file name in the <FilesMatch> tag.

Nope it doesn’t have to be a txt file, it will also work with other file extension like .html and .php

Nope but it does affect how secure your htpasswd credentials will be.

Well you can just manually protect a single file by using the <FilesMatch> tag as what I have aforementioned.

You can use our Directory Privacy tool for it. If you want to protect you entire website, just enter a single slash in the subdirectory field.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.