m (→Directions: clean up categories with <noinclude> tags)
m (Hutchy68 moved page How do you password protect directories using .htaccess? to How do you password protect directories using htaccess?: fixing page not accessible)
This FAQ explains how to protect the Joomla! /administrator/ directory on Apache servers using the htpasswd utility. You can easily adapt these instructions to protect other directories. If you need help finding or creating your .htaccess file, start here.
Basic authentication should not be considered secure for any particularly rigorous definition of secure. Although the password is stored on the server in encrypted format, it is passed from the client to the server in plain text across the network. Anyone listening with any variety of packet sniffer will be able to read the username and password in the clear as it goes across.
Not only that, but remember that the username and password are passed with every request, not just when the user first types them in. So the packet sniffer need not be listening at a particularly strategic time, but just for long enough to see any single request come across the wire.
And, in addition to that, the content itself is also going across the network in the clear, and so if the web site contains sensitive information, the same packet sniffer would have access to that information as it went past, even if the username and password were not used to gain direct access to the web site.
Don't use basic authentication for anything that requires real security. It is a detriment for most users, since very few people will take the trouble, or have the necessary software and/or equipment, to find out passwords. However, if someone had a desire to get in, it would take very little for them to do so.
Basic authentication across an SSL connection, however, will be secure, since everything is going to be encrypted, including the username and password.
AuthUserFile /home/auth/.htpasswd AuthGroupFile /home/auth/.htgroups AuthType Basic AuthName "LWS" require group admins
If you can not use the Apache htpasswd utility, here's a free, online script that creates the necessary files for you. You'll need to know the user name, password, and path. The script does the rest for you. Note that for more advanced configuration, such as the use of groups, you'll need to edit the resulting files.
.htaccess Generator: http://www.webmaster-toolkit.com/htaccess-generator.shtml