Linux UNIX

Password Protect Website

There are two files that must be inside your root directory in order to password protect your site.

  • .htaccess — the .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration.
  • .htpasswd — .htpasswd is a flat-file used to store usernames and password for basic authentication on an Apache HTTP Server.

Step 1

cd into the main directory you want to password protect.

cd /your/root/directory

Step 2

Create the .htaccess file

Replace /your/root/directory.

vi .htaccess
AuthType Basic 
AuthName "restricted area" 
AuthUserFile /your/root/directory/.htpasswd 
require valid-user

Step 3

Create the .htpasswd file

Create new htpasswd file and add user (you will be asked to enter your password).

Replace username.

htpasswd -c .htpasswd username


Add additional users.

htpasswd .htpasswd username

Not only does password protecting your website keep users out, but it also removes your site from search results.


By Tommy Elmesewdy

DevOps Engineer