How to password protect your website

You would not normally want to password protect a complete website since doing so would deny casual visitors the ability to gain a flavour of its contents. However you might want to restrict access to part of the site - for example a particular folder.

To password protect a particular folder in your webspace, follow these steps:

1. Create .htaccess
2. Create .htpasswd
3. Upload the files and edit permissions
4. Rename the files

Please note: these specific instructions can only be used within your standard homepages webspace. For CGI see the guidance in Note2 at the end of this article.

Open your text editor (Notepad will do for Windows users, OS X users can use TextEdit) and paste in content which depends on whether your ISP is from the Plusnet or Madasafish brands.

For Plusnet brands paste in the following block of text:

• Replace plusnet with force9, freeonline or metronet if appropriate for your account.
• Replace xy with the first two characters of your account username.
• Replace username with your account username.
• Replace path with the name of (or path to) the folder that you want to protect

For Madasafish brands paste in the following block of text:

• Replace madasafish with easily, global, ic24, totalserve, waitrose, fnn (for Freenetname), greenbee, care4free or totalise if appropriate for your account.
• Replace xy with the first two characters of your account username.
• Replace username with your account username.
• Replace path with the name of (or path to) the folder that you want to protect

In either case save the text file as htaccess.txt - we'll rename it later.

Go to the htpasswd manager on our Usertools site.

• Enter the username and password you want to be use in the boxes on the left and click Submit
• You'll see the username you entered appear in the list on the right-hand side
• If you want to add more, do so and click Submit after each one
• Once you've finished, leave the Username & Password boxes blank and click Submit

It'll look something like this:

Copy & Paste this into a new file in your text editor and save it as htpasswd.txt

Connect to your webspace, go to the folder you want to password protect, and upload both files to this folder.
If necessary - usually it won't be - use your FTP program to change access permissions - sometimes called CHMOD - for both files htaccess.txt and htpasswd.txt to 644 (File Owner: read & write, group & public: read only).
CHMODing the files offers security by preventing other users from altering your files.

The final step is to rename the two files as follows - note the leading full stop:

• Rename htaccess.txt to .htaccess
• Rename htpasswd.txt to .htpasswd

The files will disappear the next time you refresh, if you need to edit or remove them you'll need to use an FTP program that allows you to see hidden files such as FileZilla. If you're not sure how to do this, there's a step-by step guide here.
That's it! If it's worked, you'll be asked for a username and password the next time you browse to the protected folder.
Note: if you get a 500 internal server error message it is likely that the fully qualified file-system path to .htpasswd you entered in the .htaccess file is incorrect. Did you make the correct substitutions after copying the model text?
Note2: This protection can also be set up on CGI. To obtain the file-system path for AuthUserFile run the following script in the folder to be protected: