We use cookies to understand how you interact with our site, to personalize and streamline your experience, and to tailor advertising. By continuing to use our site, you accept our use of cookies and accept our Privacy Policy.
Only
--:--:--
left to get 75% OFF Nexcess premium managed hosting
Shop plans
Contact Us
Contact Us
Sign in
Sign in
Nexcess Logo

How to password-protect web pages with .htpasswd

September 11, 2019

How Nexcess clients can use FTP and SSH to restrict access to web pages to one or more users.

But first...

You need both FTP and SSH access to the server hosting your website. See How to add FTP accounts with SiteWorx and How to enable SSH access for more information.

Method

ATTENTION: Any input in brackets ([username], [dev.example.com], and so on) represents a placeholder. Replace the brackets and everything between them with the indicated information. 

  1. Log in using FTP and download your .htaccess file from the folder you wish to protect; for example:
    /home/username/dev.example.com/html/.htaccess. If this file is not here, you may need to create it.

  2. At the top of the .htaccess file, insert the following:

    ATTENTION: The AuthUserFile path should be the target location for storing your username and password. We recommend doing this in a location outside of the html folder.
    AuthType Basic
    AuthName "Password Protection"
    AuthUserFile /chroot/home/[username]/[dev.example.com]/.htpasswd
    Require valid-user
  3. If you wish to block a specific page, you would use <FilesMatch>to limit this to a single page, like so:
    AuthType Basic
    AuthName "Password Protection"
    AuthBasicProvider file
    AuthUserFile /chroot/home/[username]/[dev.example.com]/.htpasswd
    <FilesMatch “[secret.php]”>
    Require valid-user
    </FilesMatch>
  4. Log in with SSH, then use the cd command to change your directory to the target directory for the .htpasswd file:
    cd /chroot/home/[username]/[dev.example.com]/
  5. To generate a new .htpasswd file with one user, issue:
    htpasswd -nb [username] [password] > .htpasswd
    After this, you can use htpasswd -nbcommand to generate new username and password combinations to add to the .htpasswd file. For example:
    htpasswd -nb [username2] [password2]
  6. The output will resemble the following; copy it to your clipboard:
    [username2]:$apr1$AvsmeS7S$Y.K4zIO6Abgw7zd.Hnq.W/
  7. Using FTP, add the new user as a new line to the existing .htpasswd file. Repeat Steps 5 and 6 for every user as necessary. For example:
    [username]:$apr1$MqnlWasH$zEF0/tORcU2GuRNFMhACj0
    [username2]:$apr1$AvsmeS7S$Y.K4zIO6Abgw7zd.Hnq.W/


For 24-hour assistance any day of the year, contact our support team by email or through your Client Portal.

Jason Dobry