Protecting Folders using Passwords with WampDeveloper Pro


How-to generate an .htpasswd file with the proper usernames and passwords in it by using Apache's htpasswd, and how-to configure Apache to use .htpasswd to restrict access to locations.

Example to Restrict Access to the /stats URL

To protect URL to only allow access to user 'john' (and a password)...


1. Run 'cmd.exe' to open the command line (or click WampDeveloper Pro's System Tab, 'Command Line' button), enter the following commands...

cd \WampDeveloper\Websites\
mkdir htpasswd
cd htpasswd
mkdir stats
cd stats
htpasswd -c .htpasswd john

These lines will:

  1. Change the working directory to drive C: and path \WampDeveloper\Websites\ (you'll need to use your own installation path if WampDeveloper Pro was not installed to C:\WampDeveloper).
  2. Create sub-directory htpasswd\stats\, which will hold the .htpasswd file.
  3. Use htpasswd.exe to create the .htpasswd file with an initial user 'john' (and the asked password).

Note that htpasswd's -c switch creates the '.htpasswd' file, if this file already exists and you use the -c switch, the file will be overwritten. To add a second user do not use the -c switch.


2. Edit the website's VirtualHost configuration file (Websites Tab, select website, 'Configurations' button) to enable the .htpasswd functionality for a specific URL location.

Inside the <VirtualHost ...> block, add:

<Location /stats>
  AuthName "Stats Access"
  AuthType Basic
  AuthUserFile "C:/WampDeveloper/Websites/"
  Require valid-user

Note the specific URL and .htpasswd file paths. Replace with your own values.


Another option (instead of editing the VirtualHost configuration as above) is to use an .htaccess file, residing in the directory/folder you wish to protect.

AuthName "Stats Access"
AuthType Basic
AuthUserFile "C:/WampDeveloper/Websites/"
Require valid-user

This .htaccess option will only work for true URLs ... urls that correspond 1-to-1 with a website's DocumentRoot sub-directory. The previous example was for WampDeveloper Pro's URL '/stats', which is not a directory, but is rather a URL "alias" to another directory (WampDeveloper Pro provides a global /stats URL for every website, that maps-out to a single copy of AWStats log analyzer) and hence must use a "Location" container (which cannot be used / does not make sense in an directory specific .htaccess file).

Apache Modules

3. Load the required Apache modules.

To make sure all required modules are loaded, also include this in the website's VirtualHost file (outside the <VirtualHost ...> block / not inside it), or in file Config\Apache\extra\wampd-custom.conf (which is probably better to use as module loading is not website specific):

<IfVersion ~ ^2\.0\.[0-9]+$>
<IfModule !mod_auth.c>
    LoadModule auth_module modules/

<IfVersion >= 2.2>
<IfModule !auth_basic_module>
    LoadModule auth_basic_module modules/
<IfModule !authn_file_module>
    LoadModule authn_file_module modules/
<IfModule !authz_user_module>
    LoadModule authz_user_module modules/
<IfModule !authz_groupfile_module>
    LoadModule authz_groupfile_module modules/

4. Restart Apache.


When setting this up for the first time, after changes, always clear your browser cache and close it to reset everything. Or you will keep getting the same result.

For a user to log out after authentication, all browser windows have to be closed. Closing only the specific browser tab will not log the user out.

If accessing the password protected page returns a "401 HTTP" error code, that means 'authorization required' - it wants a valid username and password to access the URL/folder.

This authentication method is the basic/general web-server and browser-based protocol authentication mechanism. A PHP + MySQL based authentication script can provide a much more advanced/robust solution.