How do I password protect my site? (.htaccess)

This article will show you how to password protect the website associated with your Hosting account via a .htaccess file.

Before getting started, you will need to create two files: a .htaccess file and a .htpasswd file.

.htaccess

The .htaccess file is a configuration file that’s used to change and control the behaviour of your server by specifying certain rules. Some of the most common uses of .htaccess files include loading custom error pages, creating redirects or password protecting certain directories.

To password protect your website, the file should contain the following text:

AuthUserFile  /websites/123reg/LinuxPackage21/my/do/ma/mydomain.co.uk/public_html/.htpasswd
AuthGroupFile /dev/null
AuthName secure
AuthType Basic
require user joebloggs
require user mickeymouse
order allow,deny
allow from all

 

As you’ll see, this text will prompt anyone trying to access the directory it has been placed in for a username and password. This file only allows two users – ‘mickeymouse’, and ‘joeblogss’. If you wanted to add another user (e.g. dolly), you would need to add this line to the file:

require user dolly

You must place your .htaccess file within the directory you wish to password protect and ensure that it contains the names of all the valid users who are permitted to access the directory.

Furthermore, the section websites/123reg/LinuxPackage21/my/do/ma/mydomain.co.uk/public_html/.htpasswd in the first line needs to be replaced with the full path to the .htpasswd file on your hosting.

Please note: If you are unsure of the full path for your hosting package, please read the following guide for assistance: What are the full paths to my 123 Reg Hosting package?

Once you’ve made your file, save it as .htaccess and place it in the directory you wish to protect.

 

 

.htpasswd file

The .htpasswd file contains all username and password combinations, and is called after the .htaccess file is executed (when an attempt is made to access a secure directory).

A valid .htpasswd file would look like:

joebloggs:811WxO6PUtEaU
mickeymouse:497AESlZlqULY 
dolly:32sdVhgjraGTE

 

Each username password entry is in the format [username][password]. All passwords must be encrypted for this to work (as in the example above).

So, how do I encrypt my passwords?

Well, luckily there are some free tools available on the net for the generation of enrypted passwords.

Many of these free tools can be found by going to a search engine such as Google and searching for “.htpasswd generator”.

Once you have added all the user/password combinations, place the .htpasswd file in the root (top most) directory of your hosting account.

You should now have a working password protected directory.

Related Support Material:

  1. A guide to .htaccess files for WordPress
  2. How do I update the database password within my configuration file?
  3. How do I view/change my SFTP/SSH password?
  4. How do I reset the password for my Microsoft 365 package?
  5. How do I reset the password for Domain Ownership Protection?
  6. How do I add custom code to my site?