I just realized that it might be important to password protect some stuff on your website. Here’s how to do it.
Let’s assume that your website fils are stored in /var/www/. So create a sub-directory called e.g. protected.
In /var/www/protected/, create a file called .htpasswd. This will store the username and password require to access files in this folder from the Internet. The file should contain lines formatted like:
You may want to encrypt your passwords before putting them in. This means that if somebody hacks your folder, they will see some gibberish password that is hard to reverse-engineer into what you actually need to type into the password box. To do this, use a utility like the one at the bottom of this page. Note that you are trusting that they aren’t screwing you over and recording your password when they encrypt it for you…
Almost done. Now you need to tell your server to use this.
As per this link, you need to open your Apache configuration file with e.g.
sudo nano /etc/apache2/apache2.conf
and then add to the end of the file a block as follows:
<Directory "/var/www/protected"> AuthType Basic AuthName "Authentication Required" AuthUserFile "/var/www/.htpasswd" Require valid-user Order allow,deny Allow from all </Directory>
That should just about do it. To force the changes into effect, restart your server:
sudo service apache2 reload
Now try navigating to the protected folder from your browser. You should encounter a pop-up asking you for your credentials.