This article describes how to use the panel to password protect your website or a subdirectory on your website.
No access to your .htaccess and .htpasswd files
The instructions in this article create an .htaccess and .htpasswd file which will be owned by the server. This means you will not be able to manually edit either of these files if you need to. Additionally, these instructions will overwrite any existing .htaccess file. Make sure to backup your existing .htaccess file before beginning these steps.
If you will need access to your .htaccess and .htpasswd file at any time in the future, you should follow the directions in the following article instead.
These instructions walk you through how to manually create your .htaccess and .htpasswd file.
Creating an .htaccess file in your panel
- Navigate to the Htaccess/WebDAV page.
- Click the domain you wish to password protect.
- A list of your domains appear on the Htaccess/WebDAV page. Domains must be fully-hosted in order to display here:
- Click the Set Up a New Directory button.
- The WebDAV configuration page appears:
- Make your selections based on the information described in the following table.
- Field Name
- Action and Description
- Directory name
- Enter the directory you'd like to protect (leave it blank to protect the entire domain.)
- NOTE: If you wish to password protect a subdirectory, you must first create it in your FTP account.
- Password-protect this dir?
- Check this box.
- Enable WebDAV on this dir?
- You can leave this unchecked if you don’t need to use WebDAV on this domain.
- Directory “name”
- Enter the name you'd like to call this area (this appears in the pop-up window asking for your password).
- User accounts for this area
- Enter a username and password that is allowed access to the password-protected domain/directory. Each line consists of a single username password in the format 'username password'. In the screenshot above, ‘username1’ uses the password ‘password1’.
- Forbid linking to files in this dir?
- Check this box if you'd like certain file types to be forbidden.
- Forbidden file extensions
- Add the forbidden extensions here.
- Domains that may still link
- Add domains that will not be forbidden from accessing this content.
- When you finish entering the selections, scroll down to the bottom of the page and click the Configure This Directory button.
Within 10 minutes, this directory on your site is protected.
Testing the .htaccess file
Once everything is configured, a new .htaccess and .htpasswd file appear in your website’s directory. The .htaccess file consists of the following code:
Change username to your Shell user and example.com to your website.
### Generated by Dreamhost. DO NOT modify!!! ### AuthType Basic AuthUserFile /home/username/example.com/public/.htpasswd AuthName "Members Area" require valid-user ################################################
The .htpasswd file only shows the encrypted password you chose for username1:
- When you visit your website in a browser, a pop-up authentication box appears that asks you to enter your credentials:
Only the users you added through the panel in the ‘User accounts for this area' field are able to access the site.
- Official htpasswd documentation – manage user files for basic authentication
- Apache .htpasswd Password Formats – explains the available encryptions