security lock

How to Password Protect a Website, File, or Directory Using HTPASSWD

Do you want to password protect your entire website, a file, directory, or path on your website? Maybe you want to setup authentication to share content with a client or other authorized user. Or maybe you’re working on a website project that’s not ready to be seen publicly, yet. Regardless, I’ve got a super-duper solution that could be right up your alley.

I’m talking about password protecting a website using .htpasswd. A .htpasswd file is used for protecting a file, folder, or entire website with a password using HTTP authentication and implemented using rules within an .htaccess file.

To be clear, I’m not talking about creating a membership site. This isn’t about creating a special login page or using a WordPress plugin to limit access to a piece of content.

Using .htpasswd, when someone visits the URL of the folder, file, directory, or website they will be prompted with an alert-style login box from their browser and won’t be allowed to continue unless they authenticate using the username and password you’ve created.

.htpasswd password authentication is relatively easy to do, so let’s get right into it.

Creating .htpasswd Authentication

Here’s two different ways you can create .htpasswd files.

  • Option 1: Using SSH and the command line
  • Option 2: Using a free htpasswd generator tool

Option 1: Using CLI

All it requires to set up an .htpasswd file is SSH access to your site. Most web hosts allow that, but you’ll have to check with your specific host to figure that part out. Once you have your ssh connection info you can use Terminal (Mac) or PuTTy (Windows) to connect to your site and create an .htpasswd file using this command in the CLI:

htpasswd -c /path/to/your/protected/website/.htpasswd your_chosen_user_name

The -c option is pretty cool, too. It creates the .htpasswd and overwrites it if one already exists — which is useful if you ever forget your password.

Anyway, run that command and it’ll prompt you for a password. And then ask you to confirm the password.

Adding Multiple Usernames

For multiple usernames, simply run the command again and provide a different username. It doesn’t get much easier than that.

Option 2: Using a htpasswd Generator

If you don’t have SSH access — or you’d just rather not use the command line interface for any reason — it’s even easier to create a .htpasswd file using a free online htpasswd generator tool.

You’ll still need to add the generated .htpasswd file to your website. Either upload it through your web hosts file access dashboard or using your favorite FTP program (like FileZilla, CyberDuck, WinSCP, etc.)

Removing htpasswd Authentication

If or when you’re ready to remove .htpasswod password authentication just delete the .htpasswd file using an FTP program or through your web host if they provide you a file access dashboard.

Category: Website Development