Password Protect Your Site with HTACCESS

Password Protect Your Site with HTACCESS

While I was developing sites for my clients, I found it’s better to develop on one of my servers than getting them transferred to preferred hosts. This way, it gives me more flexibility towards development. Once the job is done, I may have things that I want to check out too. For example, a custom work I did on an eCommerce site – can be accessed from my development server when I later need to. Here comes the problem! These sites are already live on a different hosting and domain. The demo site getting indexed is not what we want. For this issue, I came across a very quick solution with htaccess, which is password protecting the staging/developed site.

First, we need to create a username and password for the site’s htpasswd file. You can easily generate the htpasswd file from here.

You will get an encrypted code to use when you click Create .htpasswd file

Now you will need to create a .htpasswd file in the root directory of the site that you want to protect. For example, the site link is You will need to create the file under the demosite directory. Once created, paste the code generated for the file and save it.

The next step is to edit your .htaccess file under the demosite directory. Copy the following code under the existing rules of your .htaccess file

AuthName "message_text"
AuthType Basic
AuthUserFile /path_to_the_site/.htpasswd
require valid-userCode language: Bash (bash)

Here you will need to change two things. the message_text portion with the message you want to display when the username and password are asked. The next change is for the portion path_to_the_siteHere you will need to enter the correct path of your site’s directory. The important thing to remember here, you will need to enter the path starting from the server root. For example, you are running on a CentOS installation on your VPS and the site’s directory is on home/user/public_html/domain/demosite/ then you will need to change the line to this

AuthUserFile /home/user/public_html/domain/demosite/.htpasswdCode language: Bash (bash)

Now, just save the file and try loading the site on your browser. You should see the browser asking for a username and password.

Now everything inside the directory is secured and can not be accessed unless you log in with the correct details. So, no indexing 😀 Let me know your thoughts about this method and if you have a better and easy solution for this, feel free to share in the comments.

Last Updated: May 27, 2020

Al-Mamun Talukder

About Al-Mamun Talukder

WordPress Developer. Minimalist Designer. Tech Enthusiast. Music & Movie Freak. Loves Cars. Founder of WolfDevs.

Connect with me: Upwork, GitHub, Facebook, Twitter

Leave a Reply

Your email address will not be published. Required fields are marked *