Authentication with .htaccess
This article explains how to protect your website (or a directory) using the .htaccess file.
On this page
If you have root access to web server
Prerequisites
- Root access to the web server to run the
htpasswd
command.
Instructions
Log into your web server via SSH.
Type
cd
to go to the directory you want to password protect.To protect the entire website, navigate to the
public_html/
folder:cd /var/www/mydomain_com/public_html
To protect a specific directory, i.e.
mydomain.com/resources/
, navigate to theresources/
folder:cd /var/www/mydomain_com/public_html/resources/
Type
pwd
to get the full path of the folder:pwd /var/www/mydomain_com/public_html
Type
htpasswd
to create a username and an encrypted password:htpasswd -c /var/www/mydomain_com/public_html/.htpasswd my_username
Note: Make sure to add the above full path of the directory you want to protect followed by
/.htpasswd
. The.htpasswd
file contains the encrypted password.Tip: Run
htpasswd
for as many usernames you want to create.Change the file permissions of the
.htpasswd
file:chmod 644 /var/www/mydomain_com/public_html/.htpasswd
If you don't have a
.htaccess
file, create it:cd /var/www/mydomain_com/public_html nano .htaccess
Note: If needed, replace
nano
withvi
orvim
.If you already have
.htaccess
file, edit it:nano .htaccess
Update
.htaccess
with the path to the.htpasswd
file:AuthType Basic AuthName "Secure Content" AuthUserFile /var/www/mydomain_com/public_html/.htpasswd Require valid-user
Note: Do not confuse
valid-user
with your username, it's a value for theRequire
directive to accept all valid users found in the.htpasswd
file. To accept only a specific username instead of all usernames, useRequire user my_username
instead.To password protect a specific directory, i.e.
resources/
, update theAuthUserFile
directive:AuthUserFile /var/www/mydomain_com/public_html/resources/.htpasswd
Restart Apacheand navigate to your website or directory to confirm the auth dialog appears.
Depending on your web server, the commands to restart Apachemay be different.
Debian/Ubuntu
systemctl restart apache2.service
For older versions (Debian 7.x, Ubuntu 14.10):
/etc/init.d/apache2 restart
CentOS/RHEL (RedHat)
systemctl restart httpd.service
For older versions (4.x, 5.x, 6.x):
service httpd restart
Alpine Linux
service apache2 restart
FreeBSD
service start apache22
If you don't have root access to web server
Instructions
Open File Manager and go to the root folder of the website, i.e.
public_html/
.Depending on your hosting company, this can be done through File Manager or FTP Manager.
Create a new file titled
.htpasswd
and open it for editing.Use a .htpasswd file generator to create a username and encrypted password.
Copy-paste the results and save the
.htpasswd
file.Skip this stepif you know the full path to the
.htpasswd
file (i.e./home/my_username/public_html/.htpasswd
). If not, continue.5.1. Create a new file in the root folder, i.e.
public_html/
, and title itpath.php
. Update accordingly if your web server does not run with PHP.5.2. Copy the following code and paste it inside the
path.php
file:<?php echo $_SERVER['DOCUMENT_ROOT']; ?>
5.3. Visit your website URL and append
/path.php
. Visiting this composed URL should output the full path to your root folderpublic_html/
folder.5.4. Copy the path.
Go to File Manager (FTP Manager etc.) and create a
.htaccess
file. If you already have a.htaccess
file, edit it.Add the following code in
.htaccess
:AuthType Basic AuthName "Secure Content" AuthUserFile "/home/my_username/public_html/.htpasswd" Require valid-user
Replace
/home/my_username/public_html/.htpasswd
with the results from Step 5.3 above.