There are many ways to password protect a website. One of the best and easiest ways to do this is using
.htpasswd files. This is a server-based password protection, that don't affect the performance or speed of a website.
Before you setup the password protection
This password protection will be valid for a folder, with all underlying files and folders. A valid username and password will be requested when accessing the folder/URL using a web browser.
The .htaccess and .htpasswd files are plain text files. Before you start this guide, you need to login to your webserver and navigate to the folder where you want to setup the password protection, either using SSH/terminal login or an SFTP client.
When you are logged in and have navigated to the correct folder, feel free to proceed.
Password protection using .htaccess
1. Create – or edit if the file already exists – a file named
Add the following lines to the end of the file:
AuthName "Password Protected Area"
Replace the path for AuthUserFile with the full server path to the folder. Save and close the
2. Run the following command on the command line of your terminal:
htpasswd -nb username password
Replace the username and password values as desired. The command will output the username with an encrypted version of the password. Copy this output.
3. Create a file named
Paste the output from the
htpasswd command in this file. Here is an example of what that would look like:
Save and close the
Now, the password protection using
.htpasswd will be setup and active. If you need to add additional users for the password protection, repeat steps 2 through 3.
If you have any questions, feel free to reach out us!