How to Password Protect a Website

Use .htaccess files

Create a text file named .htpasswd. This is a file used to store a list of usernames and passwords that people use to access the website. You can do this on your computer if you plan to upload the file to the web server via FTP (short for 'file transfer protocol'). If you log into your web host using SSH or some other method, use the server's text editor to create the file. Note: because it contains important password information, you should not store the file in a folder accessible on the web.

Suppose you want all users accessing the website https://www.wikihow.com/test to have to enter a password to view content here, so you download web files to this location on the web server. : /www/sites/www.wikihow.com. At this time, do not put the .htpasswd file in that directory but store it in the main directory (for example: /usr/home/yourusername).

If you don't have access to a home directory other than your regular website, contact web hosting support and tell them that you need to store your .htpasswd file in a location other than your web directory. . They will know what needs to be done.

Generate encrypted passwords at http://www.htaccesstools.com/htpasswd-generator . Storing passwords in plain text is not very secure, so you'll need to use an online encryption tool to generate the password. Here's how:

Enter the username in the "Username" field. This is the name that one or more people need to use when logging in to access the website.

Enter the password for this username.

Click Create .htpasswd file .

At this point, the username and encryption password will be separated by a colon. For example, if you enter wikihowas username and badpasswordas password, we will have: wikihow:$apr1$k7iNRs8E$jL98Y2BEGl2qaF61PuiJ/1.

Highlight this entire line, right-click the selected text, and select Copy .

The encrypted password is not the password the user would enter to access the website. They will enter plain text, but the encrypted version is only for the server side.

Paste the copied text into the field by right-clicking on the first line of the blank file and selecting Paste .

The .htpasswd file can contain multiple usernames and passwords. You just need to enter each username and password combination on a separate line.

Save and exit the file. If you created the file on your computer, upload it to the server now. Again, DO NOT save the file to a web-accessible folder.

Create a new text file named .htaccess. Like the previous file, you can do this on your computer if you plan to upload this file directly to a web server or via the FTP protocol. Unlike the .htpasswd file, .htaccess needs to be stored in the folder you want to password protect.

Suppose you want to password protect the https://www.wikihow.com/test website, save the .htaccess file in a subfolder /test/(for example: /www/sites/www.wikihow.com/test/).

Paste the code into the file. The example below is assuming that you have a .htpasswd file saved in the /usr/home/yourusername. Please replace your actual path and save it as a .htpasswd file.

AuthType Basic AuthName "Protected Site" AuthUserFile /usr/home/yourusername/.htpasswd require valid-user

Save and exit the file. If you create the file right on the server, this is it. If you edit on your computer, upload the file to the folder you want to password protect.

Use a web browser to test. When you use a web browser to visit a protected site, the website will ask you to log in. Proceed to enter the username and password in plain text (not the encrypted version) to log in. Please check both cases: correct password and incorrect password.

Use an online website builder

Log in to your website's admin console. If your website is edited through an online tool like Squarespace or Wix, you can use the website editor to set up passwords for areas that need to be protected.

Some services may require you to upgrade to a higher level to protect your website with a password. Some other sites don't even have this feature.

The steps will also vary depending on the hosting service.

Go to the site or area you want to protect. In most cases, this section will be called Pages .

Unless you want to set up a password for the entire website, don't select the home/index page. If you only want to set a password for a specific page, you need to access that page in the editor.

If you want to require a password when accessing a specific blog post, such as on Wordpress.com, you'll need to find the password settings on the New Post page .

Go to the Settings section of the selected site. For example, on Squarespace, you'll click or tap the menu located in the upper right corner to open the settings. If you use Wix, click the three-dot menu and select Settings .

Enable password protection for the site. Some sites require you to click a switch or checkbox to adjust the page's visibility, while other services only require you to enter a password.

If you use Wix, click the Permissions tab and select Password Holders and enter the password.

On Squarespace, simply enter your password in the "Password" field.

Save changes and check the password.

Test password protection. Once set up, use a web browser to test by visiting the protected URL. Try both cases: correct password and wrong password.

Contact your web hosting service for instructions. If you're having trouble or aren't sure where to find your password settings, find support on your web host's Support page. Most of these services are run by experienced administrators and they will be happy to help you make your website more secure.

Lesley Montoya

Update 04 December 2023