Password protecting directories that contain sensitive information is essential. On *NIX (UNIX and Linux) web servers this is relatively easy to achieve using a .htaccess and .htpasswd file combination. This is how it works:

• Both files are simple text files. The .htaccess file goes into the directory you want to password protect and the .htpasswd file goes into a directory somewhere else on the server that is (preferably) not accessible from the web.

• The AuthUserFile directive (top line) of the .htaccess file must contain the full path and file name (from the server root) of the .htaccess file. In other words, if you put the .htaccess file in a directory called
  /home/jo-bloggs/secret/
  the complete AuthUserFile line will look like so:
  AuthUserFile /home/jo-bloggs/secret/.htpasswd
  
  When the .htaccess file is generated, you must manually change the full-path-to-server-root part to suite your server before saving the file or it will not work.

Name (Title) of Protected Area - this can be anything you like. e.g. Secure-Login, My-App or whatever.

Secret Directory - path to password file, relative to document root - this document. E.x. private

Username you want to use when you log in

.htaccess File Code. Copy the text and save it in a file called .htaccess in the Admin directory.