There are many ways to password protect a website. One of the best and easiest ways to do this is using .htaccess  and .htpasswd  files. This is a server-based password protection, that don't affect the performance or speed of a website.

Before you setup the password protection

This password protection will be valid for a folder, with all underlying files and folders. A valid username and password will be requested when accessing the folder/URL using a web browser.

The .htaccess and .htpasswd files are plain text files. Before you start this guide, you need to login to your webserver and navigate to the folder where you want to setup the password protection, either using SSH/terminal login or an SFTP client.

When you are logged in and have navigated to the correct folder, feel free to proceed.

Password protection using .htaccess

1. Create – or edit if the file already exists – a file named .htaccess

Add the following lines to the end of the file:

AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/home/folder/.htpasswd

Replace the path for AuthUserFile with the full server path to the folder. Save and close the .htaccess  file.

2. Run the following command on the command line of your terminal:

htpasswd -nb username password

Replace the username and password values as desired. The command will output the username with an encrypted version of the password. Copy this output.

3. Create a file named .htpasswd .

Paste the output from the htpasswd  command in this file. Here is an example of what that would look like:


Save and close the .htpasswd  file.

Now, the password protection using .htaccess  and .htpasswd  will be setup and active. If you need to add additional users for the password protection, repeat steps 2 through 3.

If you have any questions, feel free to reach out us!

Did this answer your question?