Adding password protection to a directory using .htaccess is a two-step process.
The first part is to add the appropriate lines to your .htaccess file in the directory you would like to protect. Everything below this directory will be password protected:
AuthName “Section Name”
There are a few parts of this which you will need to change for your site. You should replace “Section Name” with the name of the part of the site you are protecting e.g. “Members Area”.
The /full/path/to/.htpasswd should be changed to reflect the full server path to the .htpasswd file (more on this later).
Password protecting a directory takes a little more work than any of the other .htaccess functions because you may be also creating a file to contain the usernames and passwords which are allowed to access the site.
These should be placed in a file which (by default) should be called .htpasswd.
Like the .htaccess file, this is a file with no name and an 8 letter extension. This can be placed anywhere within your website (as the passwords are encrypted) but it is advisable to store it outside the web root so that it is impossible to access it from the web.
Once you have created your .htpasswd file in a notepad you must enter the usernames and passwords to access the site. They should be entered as follows:
where the password is the encrypted format of the password. To encrypt the password you will either need to use one of the premade scripts available on the web or write your own.
For multiple users, just add extra lines to your .htpasswd file in the same format as the first. There are even scripts available for free which will manage the .htpasswd file and will allow automatic adding/removing of users etc.
To access a site you need to give the URL as follows:
HTTP:// username : firstname.lastname@example.org/directory/