My isp sent me this reponse when I asked about my htpasswd files placment in my site. Is there any more secure way or is he just wrong.


Unfortunately, the htpasswd file does need to be in a location that is readable. Placing it in the secure folder won't work, as the secure folder would lock htaccess from being able to query htpasswd for passwords.

I wish I could say there was a more secure way of setting this up, unfortunately, there isn't.

Jesse Harris
Speakeasy Network Domains"