Password Protect a Website

In this article we show you how you can protect your entire website behind a username and password login. Protecting your website is useful if you are developing your website and you wish for it to remain private or if you have a security or website issue you are fixing. When your website is protected visitors are shown a login prompt and will need to enter a username and password to access your website. After logging in your website will be shown as normal.

Sections

1. Step 1: Password protect your website
2. Step 2: Create a User who can Login
3. Advanced Tips

Step 1: Password protect your website

1. Log in to cPanel.
   • For help accessing your cPanel see Where do I log in to my hosting control panel.
2. Click Directory Privacy.
   
3. Click Settings
   
4. Select the website you wish to protect and click Save changes.
   
5. You’ll now see a listing of just your website and it’s directories. Find public_html as shown by the Home icon and click the Edit button next to it. If you have selected a website which is an addon domain then please click Edit next to the top directory marked with the Home icon.
   
6. Select Password protect this directory. Enter a name, for example, website in the Enter a name for the protected directory field and click Save.
   
7. A message will appear showing if setting the protection was a success. Click Go back.
   

Step 2: Create a User who can Login

1. Enter a username in the Username field under Create User
2. Enter a password in the New Password field
3. Click Save
   

You can now access your website and use the username and password to log in to your website.

Advanced Tips

Set a 401 Error Document

1. Log in to cPanel.
   • For help accessing your cPanel see Where do I log in to my hosting control panel.
2. Click File Manager
3. Open public_html, select .htaccess and click edit
4. Find the AuthType Basic code:

        AuthType Basic
        AuthName "Dev Site"
        AuthUserFile "/home/user/.htpasswds/public_html/passwd"
        require valid-user
        

5. Add ErrorDocument 401 “Unauthorized” as below:

       AuthType Basic
       AuthName "Dev Site"
       AuthUserFile "/home/user/.htpasswds/public_html/passwd"
       require valid-user
       ErrorDocument 401 "Unauthorized"
       

Allow server access to your protected website

1. Log in to cPanel.
   • For help accessing your cPanel see Where do I log in to my hosting control panel.
2. Click File Manager
3. Open public_html, select .htaccess and click edit

4. Find the AuthType Basic code:

       AuthType Basic
       AuthName "Dev Site"
       AuthUserFile "/home/user/.htpasswds/public_html/passwd"
       require valid-user
       ErrorDocument 401 "Unauthorized"
       

5. Add RequireAny Require ip options as below:

       AuthType Basic
       AuthName "Dev Site"
       AuthUserFile "/home/user/.htpasswds/public_html/passwd"
       <RequireAny>
           Require ip 127.0.0.1
           Require valid-user
       </RequireAny>
       ErrorDocument 401 "Unauthorized"