Authentication with .htaccess
This article explains how to protect your website (or a directory) using the .htaccess file.
If you have root access to the web server
- Root access to the web server to run the
Log into your web server via SSH.
cd to go to the directory you want to password protect.
To protect the entire website, navigate to the
To protect a specific directory, i.e. mydomain.com/resources/, navigate to the
pwd to get the full path of the folder:
htpasswd to create a username and an encrypted password:
htpasswd -c /var/www/mydomain_com/public_html/.htpasswd my_username
Note: Make sure to add the above full path of the directory you want to protect followed by
.htpasswd file contains the encrypted password.
htpasswd for as many usernames as you want to create.
Change the file permissions of the
chmod 644 /var/www/mydomain_com/public_html/.htpasswd
If you don't have a .htaccess file, create it:
cd /var/www/mydomain_com/public_html
nano .htaccess
Note: If needed, replace
If you already have a .htaccess file, edit it:
.htaccess with the path to the
AuthType Basic
AuthName "Secure Content"
AuthUserFile /var/www/mydomain_com/public_html/.htpasswd
Require valid-user
Note: Do not confuse valid-user with your username; it's a value for the Require directive to accept all valid users found in the .htpasswd file. To accept only a specific username instead of all usernames, use Require user my_username instead.
To password protect a specific directory, i.e. resources/, update the
Restart Apache and navigate to your website or directory to confirm the auth dialog appears.
Depending on your web server, the commands to restart Apache may be different.
systemctl restart apache2.service
For older versions (Debian 7.x, Ubuntu 14.10):
systemctl restart httpd.service
For older versions (4.x, 5.x, 6.x):
service httpd restart
service apache2 restart
service apache22 restart
If you don't have root access to the web server
Open File Manager and go to the root folder of the website, i.e.
Depending on your hosting company, this can be done through File Manager or FTP Manager.
Create a new file titled .htpasswd and open it for editing.
Use a .htpasswd file generator to create a username and encrypted password.
Copy-paste the results and save the
Skip this step if you know the full path to the
/home/my_username/public_html/.htpasswd). If not, continue.
5.1. Create a new file in the root folder, i.e. public_html/, and title it path.php. Update accordingly if your web server does not run with PHP.
5.2. Copy the following code and paste it inside the
<?php echo $_SERVER['DOCUMENT_ROOT']; ?>
5.3. Visit your website URL and append /path.php. Visiting this composed URL should output the full path to your root folder.
5.4. Copy the path.
Go to File Manager (FTP Manager etc.) and create a .htaccess file. If you already have a .htaccess file, edit it.
Add the following code in
AuthType Basic
AuthName "Secure Content"
AuthUserFile "/home/my_username/public_html/.htpasswd"
Require valid-user
/home/my_username/public_html/.htpasswd with the results from Step 5.3 above.
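Whether the .htpasswd entries come from the htpasswd command or from a .htpasswd file generator, the hash scheme behind each "encrypted password" can be read from its prefix. The following shell sketch is an added example, not part of the original article; the function names and sample entries are constructed for illustration, and the hash bodies are placeholders rather than real hashes.

```shell
#!/bin/sh
# Added example (not from the original article): report the hash scheme of
# every entry in a .htpasswd file, identified by the prefix of the hash field.

# Map one hash field to a scheme name.
htpasswd_scheme() {
    case "$1" in
        '$2y$'*)   echo bcrypt ;;             # htpasswd -B
        '$apr1$'*) echo apr1-md5 ;;           # htpasswd -m
        '$5$'*)    echo sha256-crypt ;;
        '$6$'*)    echo sha512-crypt ;;
        '{SHA}'*)  echo sha1-unsalted ;;      # htpasswd -s
        *)         echo crypt-or-plaintext ;; # no known prefix: crypt(), plaintext, or unlisted
    esac
}

# Print "user scheme verdict" for each entry; return 1 if any entry is WEAK.
audit_htpasswd() {
    rc=0
    while IFS=: read -r user hash rest || [ -n "$user" ]; do
        [ -n "$user" ] || continue            # skip blank lines
        scheme=$(htpasswd_scheme "$hash")
        case "$scheme" in
            sha1-unsalted|crypt-or-plaintext) verdict=WEAK; rc=1 ;;
            apr1-md5)                         verdict=LEGACY ;;
            *)                                verdict=OK ;;
        esac
        echo "$user $scheme $verdict"
    done < "$1"
    return "$rc"
}

# Constructed sample entries: hash bodies are placeholders, not real hashes.
write_sample() {
    cat > "$1" <<'EOF'
alice:$2y$05$CONSTRUCTEDbcryptPLACEHOLDER
bob:$apr1$CONSTRUC$PLACEHOLDERmd5
carol:{SHA}CONSTRUCTEDsha1PLACEHOLDER=
dave:CONSTRUCTED13
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_htpasswd "$sample" || echo "weak entries found: re-create them with htpasswd -B"
rm -f "$sample"
```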