To add password protection to your website you need to create a file to store usernames/passwords and add some code into a .htaccess file. This guide will show customers using LCN web hosting and WordPress hosting how to get password protection working in no time.

Let’s get started…

Creating the password file

The password file is a simple text file that contains a username and password separated by a colon (:). However, for security purposes the password must be encrypted. There’re lots of free tools that will encrypt the password for you, but you can use our tool below. Simply enter the username and password you want to use and we'll generate a string of text that you can copy and paste.



  1. Create a file using a text editor such as Notepad or TextEdit.
  2. Save the file as: .htpasswd
  3. Copy and paste the username/password string generated using our tool into the document.
  4. Upload the .htpasswd file to your website using FTP.

  5. Please note: instructions on uploading the file to your website can be found here.

For extra security make sure that it is outside of your web folder so that it can never be accessed by someone going to http://www.domain.com/.htpasswd. Our hosting servers will block web access to any files beginning with .ht, but it’s recommended that the password file is not in a publicly accessible folder.

Creating the .htaccess file

Once you’ve created and uploaded your .htpasswd file you'll need to create a .htaccess file to tell the web server what folder you want to protect and what username/password file to use.

  1. Create a file using a text editor such as Notepad or TextEdit.
  2. Save the file as: .htaccess (without any additional file extension).
  3. Enter the following lines of text within the file:

  4. AuthType Basic
    AuthName "My Protected Folder" 
    AuthUserFile /www/sites/5ce/448/www.domain.com/.htpasswd 
    require valid-user
    

Let's go through the parameters you've just set:

    Line 1 - Defines the type of authentication the web server will use, ‘Basic’ is perfectly adequate for what we need.

    Line 2 - Sets the title of the username/password box that will popup when someone tries to view your protected page.

    Line 3 - Tells the web server where to find the username/password file. To find out the full path to your web folder:

  • Login to your LCN account.
  • Click the Hosting icon.
  • Click on manage.
  • The full path is displayed in the Document Root row under Hosting Summary.

  • Line 4 - Tells the web server who in your .htpasswd file can access your folder, by using valid-user everyone in the file can view the folder.

Where to upload your .htaccess file

The .htaccess file above will protect all the files in the folder it is uploaded into, and the sub-folders under it. For example, if you wanted to protect your entire website you could place the .htaccess file in your web folder.


That’s it! You’ve successfully password protected your website.

Related guides

Need a hand? Search over a hundred step-by-step support guides