Open/Close Menu WordPress & WooCommerce Plugin & Theme Development

Password protect a website or a directory with no coding

A lot of users are worried about their website security and they want to add another level of security to admin areas. Web applications often provide their own authentication methods, but the web servers can also add extra security to the website.

You may have visited a web page that pops up a dialog box similar to the above image, you can have the same login dialog by using .htaccess and .htpasswd files.

For this post we consider that you want to password protect wp-admin directory. Which is the WordPress administration area and contains sensitive data and permissions. This WordPress folder needs extra care. You can use the same method to lock the whole website or other PHP websites and web applications.


Choose which directory to protect

Browse to wp-admin folder and create two files using a text editor and save them as .htaccess.htpasswd.

Note that these files have no names (they just have special extensions).

Htpasswd file contains username and password which you wish to use as extra security level and using htaccess file we tell web server which directory to protect.


Creating .htpasswd file

To tell web server which password you want to use, you need to encrypt it using Apache htpasswd executable binary file. Browse to apache\bin directory and open htpasswd.exe (.exe is the extension of it in Windows version).

Use this command to encrypt your password

(replace myuser with your desired name and also replace mypassword with your chosen password):

htpasswd.exe -nb myuser mypassword

Copy the result and save it in .htpasswd file.

If you don’t like working with command line password encryption, you man search “online htpasswd generator” using Google or another search engine and use other easier user interfaces.

Creating .htaccess file

Inside this file you need to point to .htpasswd file and ask the web server to only allow users with correct password to visit.

AuthType Basic
AuthName "Restricted Content"
AuthUserFile C:/mysite/host/www/codenegar/wp-admin/.htpasswd
Require valid-user

Replace the password file path you have created with C:/mysite/host/www/codenegar/wp-admin/.htpasswd

After saving files you can try to access your WordPress admin dashboard (or any other directory you have protected) and a pop up will ask you to provide credentials to view the page.
If you encounter any problem with accessing or forgot the password you may just remove your changes in .htaccess file or generate a new password and save in .htpasswd file.

© 2017 CodeNegar | Made with love.
Follow us: