How to Password Protect Web Pages
There are plenty of reasons why you may want to password protect web pages. Maybe you want to hide new versions of your website until said versions is ready to launch. Restricting access to private sections of your website and enabling only people you know and trust to see them is another possibility. Or maybe you just want to make the information on the site available to just a few testers or reviewers. Alternatively, you may want to grant access to paid content to just a select few individuals. Whatever your motives may be, there’s an easy way to restrict access to web pages, and even whole sites, by using .htpasswd.
Htaccess, allows you to easily password-protect any page or directory on your web server - even an entire website. Due to the fact that it relies on the web server, the valid usernames and passwords are never shared with the web browser or stored in the HTML, which adds a layer of security to the .htpasswd method of password protecting pages.
When trying to access the site or page, visitors wishing to do so will be prompted to enter a username and password by a pop-up. Any visitor who can’t enter the necessary credentials can't enter the site – it’s that simple.
When using this method to grant users access to important information on your site, it is a good idea to make sure that the passwords they need to input are as strong as possible. To that end, it may be prudent to generate long, strong random passwords, or encrypted passwords, to make sure that hackers and other undesirables won’t be able to gain entrance to the web page in question through rainbow table attacks, brute-force attacks etc.
How to Use .htpasswd to Password-Protect Your Web Pages
- Open a text editor, such as macOS's TextEdit, or Windows' Notepad. Create a new text, and title it .htpasswd making sure to include the dot at the beginning of the name.
- Save the file. When you do so, make sure that the format you choose is “ASCII”, with no file extension. The full file name should be .htpasswd.
- Open your .htpasswd file, and setup each username and password, one per line, divided by a colon, like this:
username:password
For example:
JohnDoe:1dl3;5nx4kg# - Upload the .htpasswd file to a directory on your web server that is not live.