Showing results for 
Search instead for 
Did you mean: 

.htpasswd file location

Posts: 1
Registered: 17-07-2011

.htpasswd file location

I am intending to password protect a section of my website using .htaccess/.htpasswd files. I have done this previously with a different ISP placing the .htpasswd file below the root directory. The advice I was given at the time was "For security, you should not upload the htpasswd file to a directory that is web accessible (, it should be placed above your www root directory." I was able to do this, though I cannot recall quite how.
It seems logical for security  to keep the password file out of harms way but I have not found any comment on this issue in the forum. Are my concerns misplaced?
How would I go about placing a file below my root directory?
Posts: 9,283
Thanks: 630
Fixes: 47
Registered: 06-04-2007

Re: .htpasswd file location

Password protecting folders is explained in the Community Support Library article How to password protect your website.
On Homepages the web root folder is /htdocs and / is physically above that. On CCGI the web root is / and no locations available to the user are above it. In either case Order, Allow and Deny directives can be used to control web access to a particular folder.