2 min read

How to password-protect web pages with .htpasswd

Jason Dobry
Security

How Nexcess clients can use FTP and SSH to restrict access to web pages to one or more users.

But first…

You need both FTP and SSH access to the server hosting your website. See How to add FTP accounts with SiteWorx and How to enable SSH access for more information.

Method

ATTENTION: Any input in brackets ([username], [dev.example.com], and so on) represents a placeholder. Replace the brackets and everything between them with the indicated information. 

  1. Log in using FTP and download your .htaccess file from the folder you wish to protect; for example:
    /home/username/dev.example.com/html/.htaccess. If this file is not here, you may need to create it.
  2. At the top of the .htaccess file, insert the following:

    ATTENTION: The AuthUserFile path should be the target location for storing your username and password. We recommend doing this in a location outside of the html folder.
    AuthType Basic
AuthName "Password Protection"
AuthUserFile /chroot/home/[username]/[dev.example.com]/.htpasswd
Require valid-user
  3. If you wish to block a specific page, you would use <FilesMatch>to limit this to a single page, like so:
    AuthType Basic
AuthName "Password Protection"
AuthBasicProvider file
AuthUserFile /chroot/home/[username]/[dev.example.com]/.htpasswd

Require valid-user
  4. Log in with SSH, then use the cd command to change your directory to the target directory for the .htpasswd file:
    cd /chroot/home/[username]/[dev.example.com]/
  5. To generate a new .htpasswd file with one user, issue:
    htpasswd -nb [username] [password] > .htpasswd

    After this, you can use htpasswd -nbcommand to generate new username and password combinations to add to the .htpasswd file. For example:

    htpasswd -nb [username2] [password2]
  6. The output will resemble the following; copy it to your clipboard:
    [username2]:$apr1$AvsmeS7S$Y.K4zIO6Abgw7zd.Hnq.W/
  7. Using FTP, add the new user as a new line to the existing .htpasswd file. Repeat Steps 5 and 6 for every user as necessary. For example:
    [username]:$apr1$MqnlWasH$zEF0/tORcU2GuRNFMhACj0
[username2]:$apr1$AvsmeS7S$Y.K4zIO6Abgw7zd.Hnq.W/

For 24-hour assistance any day of the year, contact our support team by email or through your Client Portal.

Related articles

Security 10 min read
What Indicates A Compromised Website? Danny Jensen
Cloud 5 min read
The Four Key Challenges to Expect When Managing Your Own VMware Setup Duncan Garcia
Security 3 min read
Top 5 Practical Security Tips for National Cybersecurity Awareness Month Todd Terwillegar
Security 5 min read
Six Best Practices for Secure Remote Access Saylor Holder
Agency 7 min read
10 Incredible Benefits of VPS Hosting Wolf Bishop
Security 12 min read
Cybersecurity threat mitigation: prevention and protection Marho Atumu

Wait! Get exclusive hosting insights

Subscribe to our newsletter and stay ahead of the competition with expert advice from our hosting pros.

Loading form…