How to password protect a web page or folder

If you have a website or a folder you may want to password protect it using an user and a password. It can easily be done by using .htaccess and .htpasswd files.

To create the .htaccess and .htpasswd files we will use Microsoft notepad or a similar program, any flat text editor should work(Sublime Text 2, Notepad ++), Word would not work because it is not a plain text editor. First of all, check if you already have a .htaccess file on the server where you have the website or inside the folder you want to protect, this is because its usefulness extends beyond managing the access to it, it is also used to configure some parameters of the web. If so, we will simply edit the file, otherwise we will create a new one. It is possible that in Windows you can not edit the name of the file, but you can save it as htaccess.txt and rename it to .htaccess once you upload it to the server. We must also bear in mind that files that start with a dot (.) can be considered system files and not show up in the file manager / explorer.

The .htpasswd file contains the user name and password, so we must save it in the root of the hosting (outside of “public” or “httpdocs” folders).


Create the .htaccess file

We will create a new text file with our notepad with the following content:

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/vhost/yourdomain.com/.htpasswd
AuthGroupFile /dev/null
require valid-user

Remember to replace the text “yourdomain.com” with your own domain, written in lowercase. We will save the file, upload it to the folder we want to protect on the server using our FTP client (for example, WinSCP, FileZilla, Transmit, Cyberduck) and rename it directly on the server to “.htaccess” (without quotation marks).


Create the .htpasswd file

CWe will create a new text file with our notepad and follow these steps:

Go to http://www.htaccesstools.com/htpasswd-generator/ and type in the username and password we want to use, we then click on “Submit-it”. We typed in cliente as the username and pibeca as a password. In the next screen we will se the following stringa línea como la siguiente:


On the left side of the string you will see the username indicated and after the colon yoou will see the encrypted password, this way, if someone got access to the .htpasswd file it would not be easy recover the original password. You can create several user accounts,just add one per line.

Then just copy that line and paste it into the .htpasswd file. Save the file and upload it to the server as you with the .htaccess file before, but in this case we will save it in the root of the hosting (outside the folder “public” or “httpdocs”). After following these steps we will have access to our website or folder protected by username and password.

To make things easier, we have created a zip file with the two files created in this tutorial, just rename and upload them to the server for them to work (.htaccess and .htpasswd). You can download them here.

Leave a Reply

Your email address will not be published. Required fields are marked *