first make a htaccess file with the following:

AuthType Basic

AuthName “Restricted Area”

AuthUserFile path/to/.htpasswd

require valid-user

Make sure there are no extra spaces after AuthUserFile, otherwise it won‘t work. The AuthUserFile is the path to the .htpsswd file we‘ll be creating next. Apache uses the mod_auth module for basic authentication. Keep in mind that the basic Authtype is quite vulnerable because it sends the passwords and logins unencrypted as plaintext and can hereby be captured by anyone listening in. The HTTP Digest Authentication on the other hand protects your password and login information whilst being transferred by including it in a message digest that has been hashed with MD5.

htpasswd:

Now, we‘ll create a file called .htpasswd. The following lines are case-sensitive. The password has to be MD5‘d. Use aMD5 generator to do this. This is an example of a htpasswd file:

A .htaccess file is a file located at your webserver which enables you to make changes to some of the Apache options without having to modify the httpd.conf Apache configuration file or restarting the webserver. Making changes in the httpd.conf file requires a reboot of the webserver. Most webservers allow htaccess modifictations to a certain extend. The only disadvantage of using a htaccess is, every time a http request is made, it has to read the htaccess file, resulting in a slower delivery time.

This is the htaccess file I use to remove the .php extension to create clean urls. All you have to do is create a .htaccess file. Unless hidden files are visible on your hard drive you shouldn‘t name it .htaccess at first, but rename it when you‘ve uploaded it to your web space, because all files beginning with a dot become automatically hidden. So, just leave out the dot at first.