How to password-protect web pages with .htpasswd

    October 17, 2019

    How Nexcess clients can use FTP and SSH to restrict access to web pages to one or more users.

    But first...

    You need both FTP and SSH access to the server hosting your website. See How to add FTP accounts with SiteWorx and How to enable SSH access for more information.

    Method

    ATTENTION: Any input in brackets ([username], [dev.example.com], and so on) represents a placeholder. Replace the brackets and everything between them with the indicated information. 

    1. Log in using FTP and download your .htaccess file from the folder you wish to protect; for example:
      /home/username/dev.example.com/html/.htaccess. If this file is not here, you may need to create it.

    2. At the top of the .htaccess file, insert the following:

      ATTENTION: The AuthUserFile path should be the target location for storing your username and password. We recommend doing this in a location outside of the html folder.
      AuthType Basic
      AuthName "Password Protection"
      AuthUserFile /chroot/home/[username]/[dev.example.com]/.htpasswd
      Require valid-user
    3. If you wish to block a specific page, you would use <FilesMatch>to limit this to a single page, like so:
      AuthType Basic
      AuthName "Password Protection"
      AuthBasicProvider file
      AuthUserFile /chroot/home/[username]/[dev.example.com]/.htpasswd
      <FilesMatch “[secret.php]”>
      Require valid-user
      </FilesMatch>
    4. Log in with SSH, then use the cd command to change your directory to the target directory for the .htpasswd file:
      cd /chroot/home/[username]/[dev.example.com]/
    5. To generate a new .htpasswd file with one user, issue:
      htpasswd -nb [username] [password] > .htpasswd
      After this, you can use htpasswd -nbcommand to generate new username and password combinations to add to the .htpasswd file. For example:
      htpasswd -nb [username2] [password2]
    6. The output will resemble the following; copy it to your clipboard:
      [username2]:$apr1$AvsmeS7S$Y.K4zIO6Abgw7zd.Hnq.W/
    7. Using FTP, add the new user as a new line to the existing .htpasswd file. Repeat Steps 5 and 6 for every user as necessary. For example:
      [username]:$apr1$MqnlWasH$zEF0/tORcU2GuRNFMhACj0
      [username2]:$apr1$AvsmeS7S$Y.K4zIO6Abgw7zd.Hnq.W/


    For 24-hour assistance any day of the year, contact our support team by email or through your Client Portal.

    Was this article helpful?

    Send feedback

    Can’t find what you’re looking for?

    Our award-winning customer care team is here for you.

    Contact Support