Password Protect Your Domain Website

Article ID: 110

How can I password protect my web site?

There are many methods of protecting your web site using a password. We recommend using .htaccess and .htpasswd files as this is a very secure, yet very easy-to-configure option.

NOTE: It is not possible to use .htaccess/.htpasswd files to protect your /cgi-bin directory.

Step 1: Create the .htaccess file:
Using a text editor such as Notepad create a file called .htaccess. (The file extension is .htaccess. It is not file.htaccess or somepage.htaccess, it is simply named .htaccess.) There is a chance that your text editor will add its default file extension to the name (ex: Notepad might call the file .htaccess.txt). You need to remove the .txt (or other) file extension in order for it to function. It should look something like this. ( Note: yourdomain does not include www. )


AuthUserFile /home/iinet.com/y/yo/yourdomain.com/cgi-bin/.htpasswd
AuthName "This is my protected page"
AuthType Basic


require user joeuser
require user johndoe


AuthUserFile is the full server path to your .htpasswd file.The "y" in this example would be the first letter of your domain name. "yo" would be the first 2 letters of your domain name. "yourdomain" should be YOUR domain.

AuthName is the name of the area you want to access. It could be anything, not necessarily "This is my protected page" as in the example.

AuthType Basic for basic HTTP authentication.

require user is where you enter the username of those who you want to have access to that part of your site. Note that using this will allow only that specific user(s) to be able to access that directory. If you wanted the entire list of users in the .htpasswd file to have access to a directory, you would replace require user with require valid-user.

Step 2: Create the .htpasswd file:
Using a text editor such as Notepad create a file called .htpasswd. Next you will need to add the "encrypted tokens" of the users that will have access. Click the link below to generate passwords.

Password Generator

Just cut and paste the results from this form to your .htpasswd file. The .htpasswd file should look something like this.
( username:encrypted password )
joeuser:39HWifjGAj/7.
johndoe:G4wt/<35SjGas

Step 3: FTP the files to your website:
Upload the .htpasswd file in a secure directory (cgi-bin is a likely candidate) using your FTP program. If you upload the file to a different directory, make sure it matches the path you reference in the .htaccess file.

Upload the .htaccess file in the directory you want to protect. Putting the .htaccess in your default directory will cause your whole web site to be password protected. This will prevent anyone without the correct username and password from viewing your web site. Do not do this unless that is what you want to do.