Password Protect Website

Password Protect Website

There are two files that must be inside your root directory in order to password protect your site.

  • .htaccess — the .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration.
  • .htpasswd — .htpasswd is a flat-file used to store usernames and password for basic authentication on an Apache HTTP Server.

Step 1

cd into the main directory you want to password protect.

cd /your/root/directory

Step 2

Create the .htaccess file

Replace /your/root/directory.

vi .htaccess
AuthType Basic 
AuthName "restricted area" 
AuthUserFile /your/root/directory/.htpasswd 
require valid-user

Step 3

Create the .htpasswd file

Create new htpasswd file and add user (you will be asked to enter your password).

Replace username.

htpasswd -c .htpasswd username


Add additional users.

htpasswd .htpasswd username

Not only does password protecting your website keep users out, but it also removes your site from search results.