Password protecting your site in the DreamHost panel

This article describes how to use the panel to password protect your website or a subdirectory on your website.

Sometimes you may need more control over how your directories are password protected, such as when you might already have an .htaccess file in a directory and you don't want the automatically-generated one to overwrite it. If so, you can manually create and edit the .htaccess file instead of using the panel.

View the Password protecting your site with an .htaccess file article for further details on how to manually password protect a directory or file.

The following procedure overwrites any .htaccess file you may already have. Be sure to backup your existing .htaccess file before beginning the steps on this page.

1. Navigate to the Htaccess/WebDAV page.
2. Click the domain you wish to password protect.

   A list of your domains appear on the Htaccess/WebDAV page. Domains must be fully-hosted in order to display here:

   

3. Click the Set Up a New Directory button.

   The WebDAV configuration page appears:

   

4. Make your selections based on the information described in the following table.

   Field Name	Action and Description
   Directory name	Enter the directory you'd like to protect (leave it blank to protect the entire domain.) NOTE: If you wish to password protect a subdirectory, you must first create it in your FTP account.
   Password-protect this dir?	Check this box.
   Enable WebDAV on this dir?	You can leave this unchecked if you don’t need to use WebDAV on this domain.
   Directory “name”	Enter the name you'd like to call this area (this appears in the pop-up window asking for your password).
   User accounts for this area	Enter a username and password that is allowed access to the password-protected domain/directory. Each line consists of a single username password in the format 'username password'. In the screenshot above, ‘username1’ uses the password ‘password1’.
   Forbid linking to files in this dir?	Check this box if you'd like certain file types to be forbidden.
   Forbidden file extensions	Add the forbidden extensions here.
   Domains that may still link	Add domains that will not be forbidden from accessing this content.

5. When you finish entering the selections, scroll down to the bottom of the page and click the Configure This Directory button.

Within 10 minutes, this directory on your site is protected.

Once everything is configured, a new .htaccess and .htpasswd file appear in your website’s directory. The .htaccess file consists of the following code:

### Generated by Dreamhost. DO NOT modify!!! ###
AuthType Basic
AuthUserFile /home/exampleuser/websitehelp.support/public/.htpasswd
AuthName "Members Area"
require valid-user
################################################

The .htpasswd file only shows the encrypted password you chose for username1:

username1:$1$MVq7Nkc/$GTaN0dRkCsiXJpFNxYs8V.

When you visit your website in a browser, a pop-up authentication box appears that asks you to enter your credentials:

Only the users you added through the panel in the ‘User accounts for this area' field are able to access the site.