Legacy


  1. Home
  2. Support
  3. Legacy
  4. Scripting
  5. Protecting a Directory Using .htprotect and .ok_user (Windows)

Protecting a Directory Using .htprotect and .ok_user (Windows)

The .htprotect method of protecting your files and directories is one of the easiest ways to add more security to your website. You will require two files, a .hprotect and an .ok_user. You’ll also need access to your root directory and the directory of which you wish to protect.

You should be able to use your FTP client of choice, such as FileZilla or Cyberduck, to create and edit these files.

The .ok_user File

The .ok_user file is the file we’ll use to store all the usernames and passwords of the users authorised to have access to the site. The usernames are stored in plaintext, where as the passwords are hashed using the MD5 algorithm.

1. Create an .ok_user file in a directory named /.htmaster/. You will need to do this in your ROOT directory.

2. Visit our user:password generator.

3. Input the user:password combination you wish to use to gain access to your site with into the corresponding fields and click Submit.

4. Follow the instructions and Copy the output specified and place it within your .ok_user file.

5. Save the file once you have inputted all the users you wish to have access to the site.

The .htprotect File

1. Create a file called .htprotect within the directory you wish to protect with your username and password.

2. Add into the .htprotect file the following code, making sure you get the AuthUserFile correct. It should be the same location where your .ok_user file is located. Make sure to change the code highlighted /username/ to be correspondent with your own username.

AuthType basic
AuthName "Secured area"
AuthUserFile H:/hshome/username/.htmaster/.ok_user
Require valid-user

You can use the bottom part of the output from the method above if you wish, making sure you alter the correct parts.

3. Save the file after making sure the code is correct.

When visiting the site in certain browsers, your website/directory should now be locked behind an authentication window. You will need to input the username and password of a verified user stored in the .ok_user file in order to gain authorised access to the site.

Was this article helpful to you?

Last modified: 04/02/2019