First, you need to create the htaccess file. It should be named ".htaccess" (note the dot at the front of the name), and should be inside the directory you want to protect. It is a simple text file containing a few instructions for the web server, as follows:
AuthName "Your Secure Realm Name"
AuthType Basic
AuthUserFile /home/username/authusers
require valid-user
That last line will allow anybody with a username and password in the "authusers" file (discussed below) to access the directory. If you would prefer to restrict it to specific users in the "authusers" file, you can substitute a line like this:
require user "bob" "jane" "John Doe"
...to allow only the users "bob", "jane", and "John Doe" access. (Note: the quotes are only necessary for usernames with spaces in them, but we use them everywhere for consistency.)
Once your .htaccess file is in place, you need to create your authusers file. This file contains the usernames and (encrypted) passwords that can be looked up for access to the directory. (Note: the following instructions only work for those with ssh access to the UNIX server.)
From your home directory (that is, not your www subdirectory, but your account's home directory), type the following command to create the authusers file and add the first username:
htpasswd -c authusers "username"
...substituting the username you want to use for "username". You will then be prompted to enter the password twice.
To add additional usernames, or to change the password on an existing username, use:
htpasswd authusers "username"
That should do it!
