There are many ways to password protect a website. One of the best and easiest ways to do this is using .htaccess and .htpasswd files. This is a server-based password protection, that don’t affect the performance or speed of a website.
Before you setup the password protection
This password protection will be valid for a folder, with all underlying files and folders. A valid username and password will be requested when accessing the folder/URL using a web browser.
The .htaccess and .htpasswd files are plain text files. Before you start this guide, you need to login to your webserver and navigate to the folder where you want to setup the password protection, either using SSH/terminal login or an SFTP client.
Password protection using .htaccess
Time needed: 10 minutes
When you are logged in and have navigated to the correct folder, feel free to proceed.
- Create – or edit if the file already exists – a file named
.htaccess.Add the following lines to the end of the file:
AuthType BasicAuthName "Password Protected Area"AuthUserFile /path/to/home/folder/.htpasswdRequire valid-user
Replace the path forAuthUserFilewith the full server path to the folder. Save and close the.htaccessfile. - Encrypt username & password combination
Run the following command on the command line of your terminal:
htpasswd -nb username password
Replace the username and password values as desired. The command will output the username with an encrypted version of the password. Copy this output. - Create a file named
.htpasswd.Paste the output from the
htpasswdcommand in this file. Here is an example of what that would look like:username:$apr1$D.jYL.fA$404/RNS4YH/4AwfBxsl3S0
Save and close the.htpasswdfile. Now, the password protection using.htaccessand.htpasswdwill be setup and active. - Additional users
If you need to add additional users for the password protection, repeat steps 2 through 3.
If you have any questions, feel free to reach out us!
