I want to password-protect a directory within my website. I create an .htaccess file with all of the needed lines, I create an encrypted password file, etc. It seems to work just OK.
Now, if I type not only the directory (e.g. mywebsite.com/blog) but also the file (mywebsite.com/blog/index.php), it asks for a password, yet, if I press “Cancel” repeteadly, lo!, the page DOES load, even if not loading all of the images, etc.
Any idea about it? I’d like to make it so that even if a person should try and type the whole URL including the .php, they wouldn’t be able to access that directory .
Is there any way I can improve my .htaccess file? I understand you can password protect only one file, if you want. Would protecting index.php too help? (And how can it be done?)