You’ve likely come across a website or a webpage that has generated a pop-up box asking you for a username and password. Without either or the right combination of both, you can’t access that page or website.
As mentioned in our introductory paragraph, there are a number of valid reasons for wanting to password protect either your whole site or a portion of it. We also alluded to the number of different ways in which you could do so.
Our top recommendation is the make use of the Htaccess method, as it offers the most secure means of protecting your site and/or pages. This is because the method relies on your server, meaning the valid usernames and passwords are almost never shared or accessible via the browser. Nor are they stored in HTML, as is the case with other methods.
Before we take a look at how to password protect a site using Htaccess, let us consider four of the most common reasons for wanting or needing to do so.
To password protect your site, directories, or pages, you need two things: a password file, and an Htaccess file.
This is done in three easy steps:
Open a new text file (we recommend using Notepad or— even better—Notepad++). This file will be named .htpasswd—note the period in the beginning.
Enter a username and password combination. For creating strong passwords, we highly recommend making use of a password generating tool. There are free and premium versions available online, such as this one that allows you to choose the number and type of characters used as well as showing you an easy method for remembering the generated password. Important: each username and password combination must be entered on a new line in your file.
Save the file and upload it to a directory on your web server. The directory should not be live! Most hosting companies running with the cPanel control panel module have a home directory file, which is where you’ll want to upload your .htpasswd file.
This part requires a few extra steps.
Step 1. The first step is to go back to Notepad or Notepad++ and open a new file once again. This one will be called Htaccess (again, please take note of the period at the beginning).
Step 2. The following five lines of code need to be added to the file:
Step 3. Next, you need to change “/path/to/htpasswd/file/.htpasswd” (line 1) to the actual path leading to the .htpasswd file you entered earlier. For example, for a site called example.com with the control panel username “exam,” this would likely be something along the lines of “/exam/home-dir/.htpasswd.” Please note that this is only an example, and that structure will likely differ.
Step 4. “Name of Area” (line 3) needs to be changed to the name of your site, or the section of your site that needs to be protected. Following the example outlined in point 3 above, this could be “example.com” (in the case of the whole site) or “example.com/section.”
Step 5. Save the Htaccess file and upload it into the directory that you want to have protected.
Step 6. Finally, you should test whether or not your password works by attempting to access the protected URL. If the password itself does not work, you’ll have to go back to the .htpasswd file to ensure that it is entered correctly there (remember, passwords are more often than not case-sensitive). On the other hand, if you are able to access the URL without being prompted for a username and password at all, you’ll need to contact your servicer administrator to ensure that Htaccess is enabled for your site
This section is most appropriate for site managers who want or need to password protect their entire site but is also useful to read for those wanting to only protect a section of their site.
Before you create your Htaccess file, login to your control panel and navigate to the File Manager section. Enable “show hidden files,” as by default you will not be able to view files preceded by a period. If you need help with this, please contact your web host’s support team.
In the case of cPanel especially, there will already be a Htaccess file present in your public_html folder, which is where your website resides in full. For password protecting your entire site, this is the same directory you will need to upload your Htaccess file too.
However, you do not want to break your site by overwriting the existing file accidentally. If there is an existing Htaccess file, then edit it rather than replacing it. You may find that there are other lines of code already there, so simply follow the above directions by adding the necessary lines beneath the existing code.
Create, edit, customize, and share visual sitemaps integrated with Google Analytics for easy discovery, planning, and collaboration.