cancel
Showing results for 
Search instead for 
Did you mean: 

How to password protect your website

How to password protect your website

How to password protect your website

You would not normally want to password protect a complete website since doing so would deny casual visitors the ability to gain a flavour of its contents. However you might want to restrict access to part of the site - for example a particular folder.

To password protect a particular folder in your webspace, follow these steps:

  1. Create .htaccess
  2. Create .htpasswd
  3. Upload the files and edit permissions
  4. Rename the files

Please note: these specific instructions can only be used within your standard homepages webspace. For CGI see the guidance in Note2 at the end of this article.

1. Create .htaccess


Open your text editor (Notepad will do for Windows users, OS X users can use TextEdit) and paste in content which depends on whether your ISP is from the Plusnet or Madasafish brands.

For Plusnet brands paste in the following block of text:

AuthUserFile /share/isp/plusnet/www/xy/username/htdocs/path/.htpasswd
AuthName "Please Log On"
AuthType Basic
require valid-user

  • Replace plusnet with force9, freeonline or metronet if appropriate for your account.
  • Replace xy with the first two characters of your account username.
  • Replace username with your account username.
  • Replace path with the name of (or path to) the folder that you want to protect

As an example, if your username was hotdog and you wanted to protect a folder called stuff, it would look like this:

AuthUserFile /share/isp/plusnet/www/ho/hotdog/htdocs/stuff/.htpasswd


For Madasafish brands paste in the following block of text:

AuthUserFile /share/isp/madasafish/www/xy/username/public_html/path/.htpasswd
AuthName "Please Log On"
AuthType Basic
require valid-user

  • Replace madasafish with easily, global, ic24, totalserve, waitrose, fnn (for Freenetname), greenbee, care4free or totalise if appropriate for your account.
  • Replace xy with the first two characters of your account username.
  • Replace username with your account username.
  • Replace path with the name of (or path to) the folder that you want to protect

As an example, if your username was hotdog and you wanted to protect a folder called stuff, it would look like this:

AuthUserFile /share/isp/madasafish/www/ho/hotdog/public_html/stuff/.htpasswd

In either case save the text file as htaccess.txt - we'll rename it later.

2. Create .htpasswd


Go to the htpasswd manager on our Usertools site.

  • Enter the username and password you want to be use in the boxes on the left and click Submit
  • You'll see the username you entered appear in the list on the right-hand side
  • If you want to add more, do so and click Submit after each one
  • Once you've finished, leave the Username & Password boxes blank and click Submit


You'll now see a box that shows each username you entered, followed by an encrypted version of their passwords.

It'll look something like this:

andrew:lklt1SXOoPlQ2

Copy & Paste this into a new file in your text editor and save it as htpasswd.txt

3. Upload the files and edit permissions


Connect to your webspace, go to the folder you want to password protect, and upload both files to this folder.
If necessary - usually it won't be - use your FTP program to change access permissions - sometimes called CHMOD - for both files htaccess.txt and htpasswd.txt to 644 (File Owner: read & write, group & public: read only).
CHMODing the files offers security by preventing other users from altering your files.

4. Rename the files


The final step is to rename the two files as follows - note the leading full stop:

  • Rename htaccess.txt to .htaccess
  • Rename htpasswd.txt to .htpasswd

The files will disappear the next time you refresh, if you need to edit or remove them you'll need to use an FTP program that allows you to see hidden files such as FileZilla. If you're not sure how to do this, there's a step-by step guide here.
That's it! If it's worked, you'll be asked for a username and password the next time you browse to the protected folder.
Note: if you get a 500 internal server error message it is likely that the fully qualified file-system path to .htpasswd you entered in the .htaccess file is incorrect. Did you make the correct substitutions after copying the model text?
Note2: This protection can also be set up on CGI. To obtain the file-system path for AuthUserFile run the following script in the folder to be protected:

<?php
print getcwd();
?>
0 Thanks
3 Comments
639 Views
3 Comments
Grafter
Thank you very much, most helpful. What is the AuthUserFile path to use for the cgi server?
I thank thee.
Community Gaffer
Hi Ratbag, the easiest way to get the path for the CGI server is to run a php script containing the following command:

I'll add this to the guide soon.
Not applicable
Thanks. I found this v useful.