Are you working on a website for which you want to restrict access? Is there an area on your site (like stats or private pages) for which you want exclusive access? If yes, this article is meant just for you. Htaccess allows you to enable password protection on an entire site or specific section. Anyone trying to access the protected content will be required to login using their credentials.

To password protect a directory, you’ll need to upload two files onto it – htaccess and htpasswd. The htaccess is the configuration file containing the password protection directive. The htpasswd is the file that contains the login credentials. Before adding the appropriate rule in your htaccess file, you first find figure out the full path of the folder that you wish to protect.

Step 1

Let’s consider the root folder. Though you access it in your browser as http://mysite.com, the folder is fetched from a location such as /home/user/public_html/mysite.com/ on your web server. This path varies for different users, domains, and servers. In order to find the right path on your server, you can use the following script –

<?php
$dir = dirname(__FILE__);
echo “<p>Full path to this dir: ” . $dir . “</p>”;
?>

Paste the above lines of code in an empty file and save it as fullpath.php. You must then upload this file to the folder where you’d like to enable password protection. Next, invoke the fullpath.php from your browser – http://mysite.com/fullpath.php. You should see the full path displayed on your browser –

Full path to this dir: /home/daniel/public_html/funfetti.in

If you are looking to enable password protection on a certain such as wp-includes, add the above script to that folder.

Step 2

Now that you know the full path to the root folder, you can proceed with adding the password protect directive to your htaccess file. Add the following lines –

AuthType Basic
AuthName “Password Protected Area”
AuthUserFile /home/daniel/public_html/funfetti.in/.htpasswd
Require valid-user

You need to upload the htaccess file to the wp-includes folder if you are enabling password protection on that folder.

Step 3

Lastly, you need to create the .htpasswd file with the username and password. The username and password are stored as follows –

test:$apr1$I0wNz1tX$1zn7glLxpdYfYq79rsO0S/

The password is encrypted for enhanced safety. You can use one of the many htaccess password generators to generate such encrypted passwords. You also have the option of creating multiple users for a specific directory.

test:$apr1$I0wNz1tX$1zn7glLxpdYfYq79rsO0S/
user:$apr1$CcVDTM1W$0MZ9nZ8xeV.z16WhCREne.

Note: In case of multiple accounts, add one user:passwd entry per line.

You have now successfully enabled password protection for the entire site. You can easily test it by accessing one of the files within that directory from your browser – http://funfetti.in/fullpath.php. You should be greeted with a prompt for a username and password –

Password protection is commonly used to protect one of the most important sections of your WordPress site – the wp-admin folder. However this might pose issues as the admin screens use Ajax. For those who are new to the term, ajax is the technology that allows a web page to fetch new information and present itself without refreshing the page. If you face such a problem, you need to add the following lines to the .htaccess file within the wp-admin folder –

<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>