Securing Web Access with a Password

This guide explains how to protect a part of a site on a Web Hosting by requiring a password before accessing a directory (including subdirectories) from a browser.

 

Simple Method

Protect a directory with a password (Digest authentication) using the "Folder Protection" tool:

1. Click here to access the management of your product in the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on Security in the left-hand menu.
4. Click on Folder Protection in the left-hand menu.
5. Click on the directory to be protected.
6. Enable protection using the toggle switch, then create one or more users*:
   
   • * Users are defined per directory; the tool does not allow managing groups of users:
     
7. Click on the Add button.
8. Click the button to Add an Access for an additional user if necessary.
9. Click on the action menu ⋮ to the right of the relevant user to edit or remove them.
10. Click the toggle switch again to completely disable the folder's protection:
    

Manual Method via .htaccess

Protect a folder with a password using your site's .htaccess file:

1. Choose and Encrypt the Password

1. Log in to your hosting via an FTP software/client or the FTP Manager.

2. In the folder to be protected, create a file named password.php and adapt the following content inside it by replacing 12345 with the desired password:

   <?php
   $pass = "12345";
   echo password_hash($pass, PASSWORD_DEFAULT);  // Displays the hashed password
   ?>

3. Open a web browser and display the password.php file (e.g., domain.xyz/folder_to_protect/password.php).
4. The web browser displays your hashed password; copy it as it will be needed in step 3...

2. Create the .htaccess File

In the folder to be protected, create a file named .htaccess and adapt the following content inside it:

AuthName "Protected Admin Page"
AuthType Basic
AuthUserFile "/example/.htpasswd"
Require valid-user

Replace /example/ with the absolute path of the folder to protect. Example:

AuthUserFile "/home/clients/0f83c7afb710e5ae2645a1b704d8772f/web/folder_to_protect/.htpasswd"

3. Create the .htpasswd File

In the folder to be protected, create a file named htpasswd.txt and adapt the following content inside it:

login:hashed_password

• Replace login with the desired login.
• Replace hashed_password with the hashed password copied in step 1 of this guide.

Once the htpasswd.txt file is saved, rename it as follows: .htpasswd.

4. Test the Login

Open a web browser and try to access one of the pages in the protected folder. If the guide has been followed correctly, the chosen login and (non-hashed) password will grant access to the protected folder.

Other restrictions can also be applied using .htaccess.