In this article we show you how you can protect your entire website behind a username and password login. Protecting your website is useful if you are developing your website and you wish for it to remain private or if you have a security or website issue you are fixing. When your website is protected visitors are shown a login prompt and will need to enter a username and password to access your website. After logging in your website will be shown as normal.
Sections
Step 1: Password protect your website
- Log in to cPanel.
- For help accessing your cPanel see Where do I log in to my hosting control panel.
- Click Directory Privacy.
- Click Settings
- Select the website you wish to protect and click Save changes.
- You’ll now see a listing of just your website and it’s directories. Find public_html as shown by the Home icon and click the Edit button next to it. If you have selected a website which is an addon domain then please click Edit next to the top directory marked with the Home icon.
- Select Password protect this directory. Enter a name, for example, website in the Enter a name for the protected directory field and click Save.
- A message will appear showing if setting the protection was a success. Click Go back.
Step 2: Create a User who can Login
- Enter a username in the Username field under Create User
- Enter a password in the New Password field
- Click Save
You can now access your website and use the username and password to log in to your website.
Advanced Tips
Set a 401 Error Document
- Log in to cPanel.
- For help accessing your cPanel see Where do I log in to my hosting control panel.
- Click File Manager
- Open public_html, select .htaccess and click edit
- Find the AuthType Basic code:
AuthType Basic AuthName "Dev Site" AuthUserFile "/home/user/.htpasswds/public_html/passwd" require valid-user
Add ErrorDocument 401 “Unauthorized” as below:
AuthType Basic AuthName "Dev Site" AuthUserFile "/home/user/.htpasswds/public_html/passwd" require valid-user ErrorDocument 401 "Unauthorized"
Allow server access to your protected website
- Log in to cPanel.
- For help accessing your cPanel see Where do I log in to my hosting control panel.
- Click File Manager
- Open public_html, select .htaccess and click edit
Find the AuthType Basic code:
AuthType Basic AuthName "Dev Site" AuthUserFile "/home/user/.htpasswds/public_html/passwd" require valid-user ErrorDocument 401 "Unauthorized"
Add RequireAny Require ip options as below:
AuthType Basic AuthName "Dev Site" AuthUserFile "/home/user/.htpasswds/public_html/passwd" <RequireAny> Require ip 127.0.0.1 Require valid-user </RequireAny> ErrorDocument 401 "Unauthorized"