View Full Version : .htaccess login/password issue


DenKain
10-18-06, 03:19 PM
To start, I searched the forum for .htaccess and after reading the first ten pages I have decided to just ask my question.

I have a Linux server, I have no idea what kind since I'm renting from Go Daddy. I have a directory (/securefiles) and within this directory is a .htaccess file, a .htpasswd file and an index.html. When I try to go to /securefiles it asks me to log in like it is supposed to. I enter my username and password and it prompts me again as if to say "I'm sorry but you're wrong". Now from what I have been told it is best to place the .htpasswd file "above" the root directory but since this is a small site used by maybe just a hundred people I thought it would be better to just put it in the directory. The thing is no matter what I put for the username and password it seems to be wrong even if the password is in plaintext. I was using this (http://www.tools.dynamicdrive.com/password/) website to help me with the encrypting portion but it is not helping. So I'm not really sure what I am doing wrong.

Here is my .htaccess:

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /securefiles/.htpasswd
AuthGroupFile /dev/null
require valid-user


Here is my .htpasswd:

snowwolf:qg39dEQNYpbGI


Here is my .htpasswd with plaintext password:

snowwolf:password

curbview.com
10-18-06, 05:15 PM
To start, I have been told it is best to place the .htpasswd file "above" the root directory but since this is a small site used by maybe just a hundred people I thought it would be better to just put it in the directory. The thing is no matter what I put for the username and password it seems to be wrong even if the password is in plaintext. I was using this (http://www.tools.dynamicdrive.com/password/) website to help me with the encrypting portion but it is not helping. So I'm not really sure what I am doing wrong.


One, by putting both files in the same directory, you are allowing me or anyone else to hack your site and gain access to your files...

ONLY should the .htaccess file be placed in the same directory as the files it is supposed to protect!!! Your .htpasswd file should be located in a non-web-accessible folder ABOVE that folder as well (see below) and both files need to have the proper chmod's. In most cases, depending on your server set up, these should be set to 0644!!!

On top of that, you should not alter the .htpasswd file encryption structure. Simply use the tool at that site and use the .htaccess file like the example below:

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /.htpasswd
AuthGroupFile /dev/null
require valid-user

*REMEMBER* when you type in your username and password, they need to be case-sensitive. If all else fails, I will do it for you or you can contact your hosting provider.
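
An added example, not part of the original thread or any poster's code: a small Python check for the setup discussed above. It reports when AuthUserFile does not name a real file on the filesystem, when the password file sits inside the web root, and when an entry is not in a hash format the htpasswd tool writes. The function names and the temporary directory tree built by `demo` are assumptions made for illustration; the sample entries are the ones posted in the thread.

```python
import os, re, tempfile

# Formats written by Apache's htpasswd tool; anything else is flagged.
HASH_FORMATS = {
    "bcrypt": r"\$2[aby]\$\d\d\$[./A-Za-z0-9]{53}",
    "apr1-md5": r"\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}",
    "sha1": r"\{SHA\}[A-Za-z0-9+/]{27}=",
    "des-crypt": r"[./A-Za-z0-9]{13}",
}

def classify_hash(value):
    for name, pattern in HASH_FORMATS.items():
        if re.fullmatch(pattern, value):
            return name
    return "unrecognised"

def audit(htaccess_path, docroot):
    """Return findings for one .htaccess; docroot is the web root on disk."""
    with open(htaccess_path) as fh:
        m = re.search(r'^\s*AuthUserFile\s+"?([^"\n]+?)"?\s*$', fh.read(), re.M | re.I)
    if not m:
        return ["no AuthUserFile directive"]
    pw_path = m.group(1)
    # AuthUserFile is a filesystem path, not a URL path under the site.
    if not os.path.isabs(pw_path):
        return ["AuthUserFile is relative (Apache resolves it against ServerRoot)"]
    if not os.path.isfile(pw_path):
        return [f"AuthUserFile {pw_path} does not exist on the filesystem"]
    findings = []
    real, root = os.path.realpath(pw_path), os.path.realpath(docroot)
    if os.path.commonpath([real, root]) == root:
        findings.append("password file is inside the document root")
    with open(real) as fh:
        for line in fh:
            user, _, value = line.strip().partition(":")
            if user and classify_hash(value) == "unrecognised":
                findings.append(f"entry for {user} is not a recognised hash")
    return findings

def demo(auth_user_file=None, entry="snowwolf:qg39dEQNYpbGI"):
    """Build a constructed docroot/securefiles tree and audit it."""
    docroot = tempfile.mkdtemp()
    secure = os.path.join(docroot, "securefiles")
    os.mkdir(secure)
    with open(os.path.join(secure, ".htpasswd"), "w") as fh:
        fh.write(entry + "\n")
    with open(os.path.join(secure, ".htaccess"), "w") as fh:
        fh.write(f"AuthType Basic\nAuthUserFile {auth_user_file or secure + '/.htpasswd'}\n")
    return audit(os.path.join(secure, ".htaccess"), docroot)
```

Run `audit()` against the real .htaccess with the account's on-disk web root as `docroot`; an empty list means none of the three conditions was found.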

DenKain
10-18-06, 05:25 PM
One: I have already contacted my hosting provider and I am waiting on a reply.
Two: Until they get back to me I have no way of going above my root.
Three: I have not messed with the encryption I was just saying that I tried it in plain text for the heck of it.
Four: Until they get back to me I need to know how to make this work.
Five: I did the chmod and they are at 0644 by default as per my FTP client settings, by the way that did not work.
Six: Next time please try and make it sound like you're not yelling at a five year old, thank you.

curbview.com
10-19-06, 01:58 AM
One: I have already contacted my hosting provider and I am waiting on a reply.
Two: Until they get back to me I have no way of going above my root.
Three: I have not messed with the encryption I was just saying that I tried it in plain text for the heck of it.
Four: Until they get back to me I need to know how to make this work.
Five: I did the chmod and they are at 0644 by default as per my FTP client settings, by the way that did not work.
Six: Next time please try and make it sound like you're not yelling at a five year old, thank you.

Ahhh, please don't consider that yelling.... I'd like to see your face when you find that someone has hacked you. I just wanted to be clear as to how you should SECURELY go about something you are not familiar with. Many tutorials will purposely mislead you! One b/c they learned the wrong info. Two, because they continue to use the wrong info. Word of wisdom, never trust your FTP settings. Double check them...