Password protecting a website (or a sub directory within a website) can be done easily thanks to two special files called .htaccess and .htpasswd
First, in the directory that you want to be protected, copy and paste the following code into a file called .htaccess :
AuthType Basic AuthName "restricted area" AuthUserFile /path/to/the/directory/you/are/protecting/.htpasswd require valid-user |
The exact path to the file is obviously important. Be aware that if wrong, it will still ask for a password but nothing will seem to work.
Second, you need to create the .htpasswd file, which looks like:
username:epgYW4tTGNZAB |
The .htpasswd file should be made of one username and password per line, separated by a colon.
The password is encrypted so you will need to use a special tool to encrypt your password in this way (MD5).
Under Linux,you can type
echo -n "password" | md5sum | cut -d ' ' -f 1 |
or you can use the apache tool called htpasswd:
htpasswd -d -nb username password |
Here -d means use the CRYPT protocol (note that there is a random seed so you may have several crypted passwords for a single password.
There are also quite a lot of online generator to be used if you do not have the tools mentionned above. Finally note that there are several protocols (CRYPT, MD5, SHA). It depends on your system. For instance MD5 is for apache servers only.
