"R.Livsey" wrote: > > What do I need to add to my .htaccess file to stop people being able to > read my .htpasswd file through the browser? <files .htpasswd> Order allow,deny Deny from all </files> or better <files ~ "^\.ht"> Order allow,deny Deny from all </files> that will keep any http client from getting any file starting with ".ht" . keith