How to set permissions in .htaccess... this for everyone who is getting hacked...ensure you protect your content using the following ways What?s the easiest way to make an .htaccess file in Unix/Linux so that a directory is password protected? Suppose that your home directory is /home/sitename and all your webstuff is in /home/sitename/www/ . Follow these steps: 1. Make an .htpasswd file. The htpasswd command in Unix does this. You should put the password file outside of your web directory. So a command like ?htpasswd -bc /home/matt/.htpasswd review donotenter? will create a new file using a username of review and a password of donotenter into the file /home/matt/.htpasswd . If you were to run the command ?cat /home/matt/.htpasswd? you might see a line like ?review:M1OdtjdGiDn1Y?. 2. Make an .htaccess file. In this case, the file would be located at /home/matt/www/.htaccess and it would look something like AuthUserFile /home/sitename/.htpasswd AuthName EnterPassword AuthType Basic <Limit GET POST> require valid-user </Limit> You might need to fiddle with file permissions a little bit. My .htaccess file was readable by all, and my .htpasswd file was readable by all as well.