Basic Password Protection

Last updated: January 12, 2023
Audience: All UW

This article provides step-by-step instructions for applying basic password protection to your website. Password protection is activated by creating a .htaccess file in the Web directory you want to protect. The .htaccess  file defines the name people use to log in to your website. The corresponding password is created separately by running the htpasswd command. If need be, you can extend this technique to use more than one name and password. Instructions are included below.

Basic Password Protection

To control access to your website using basic password protection:

  1. Log into your web development server using a terminal emulator. If you’re not sure how to do this, click here for instructions.
  2. At the prompt, enter the following command to change directories to your Web directory:
    cd public_html

    If you want to password protect a subdirectory rather than your whole website, change directories to the subdirectory you want to protect. For example, if you have a directory named “private” that you want to protect:

    cd private
  3. At the prompt, enter the following command to create a .htaccess file in the current working directory:
    pico .htaccess
  4. Add the following text to the .htaccess file:
    AuthType Basic
    AuthUserFile .htpasswd
    AuthName "Town of Bedrock"
    require user fred
  5. Replace “Town of Bedrock” with your choice of text. This text is displayed when users are prompted for a name and password. Use something short that describes your password protected website. If you use multiple words with spaces between them, make sure to surround them in quotes.
  6. Replace “fred” with the name (all lowercase) you want to use.
  7. Save and close the file using Pico. (Click for instructions on how to use pico).
  8. Back at the prompt, enter the following command to create a password file:
    htpasswd -c .htpasswd fred

    fred” represents the username you set up in step 8. Once you enter this command, you will be prompted to enter and confirm “fred’s” password.

    Tip: If you get a “command not found” error message, you are probably not on the Web Development Environment. You should start these instructions over, paying special attention to steps 1-3.

  9. You’re done! Confirm that password protection is working by opening your website with a Web browser.

Adding More Names

To create additional names and passwords:

  1. At the prompt, edit the .htaccess file you created before:
    pico .htaccess
  2. Add additional names to the .htaccess file. For example:
    require user fred barney wilma
  3. Save and close the file using Pico. (Click for instructions on how to use pico).
  4. Now create a password for each additional name by entering the following command:
    htpasswd .htpasswd barney

    Substitute “barney” appropriately and repeat for each name you added.

If you have more than a few names, it might be easier to maintain them using the UW Groups Service.