How to password protect a single file with htaccess
The .htaccess file is a powerful tool where many behind the scene things are handled. In addition to things such as forcing a specific url formatting, it can also help with access to certain pages. Many sites have members only areas of their websites. These are either coded to check against a database with languages such as php, or grouped together into a single subfolder that is password protected via the cPanel.
There are times, however, when you may only want to password protect a single page that is in an otherwise public folder. Perhaps the program you built your site with does not create subfolders, such as the Premium Website Builder, and moving a file to a protected area would break the links on the site. This is where the htaccess file can help. Follow the instructions below as we guide you through password protecting a single file via your htaccess file.
Password protecting a single file on your website:
- First we want to create a username and an encoded password that we will use for the login. This is not done directly in the cpanel, but from a site on the web that can encode the word you want to use as your password. There are many sites that have scripts to do this. The link we have here is from 4WebHelp.net which is a webmaster tools site.
- From the site link, copy and paste the code it gives you to a text editor as you will need it later. For reference, the format of the code it gives you is username:encoded_password.
- Next, you want to log into your cPanel.
- Find the Files category and click on the File Manager icon.
- You are now in the home directory of the hosting account. The home directory is not accessible from the web via a URL, so it is more secure. We want to create a password file here that will be used to check access for users trying to get to the file we are going to protect. You will want to create a new text file. To do so, find the New File icon from the top menu bar and click it.
- A popup will appear, asking to name the file. Here we named it .htpassword (Note that the filename begins with a period. This is intentional as it makes the file hidden.) Below that is a field to enter a path to store the file. Leave it blank so it will default to the root folder. Click on Create New File to continue.
- From here, click on the Settings button in the upper right corner.
- Click on the Show Hidden Files checkbox and then click Save.
- The new file is now in your account. In the right hand pane, scroll down until you find the file, then right click on it. Click on the Edit option from the menu that appears. A popup will appear, simply click on the Edit button in the lower right to continue.
- We are now in the editor. Cut and paste the username and password code you were given before. Keep the code as a single line and do not edit it. Click on the Save Changes button to save the file.
- Now, we want to move to the root folder for your domain and alter the .htaccess file so that visitors are challenged with the login prompt. If you are working with the primary domain, double click on the public_html folder to enter. For addon domains, double click on the public_html folder and then find the subfolder that is the root for the domain and double click that one to enter its root. For our example, we are using the primary domain. Locate the .htaccess file and right click it as you did before with your password file. This also brings up a menu. Find and click on the Edit option. If you get a popup box, simply find and click the Edit button in the lower right corner to continue to the editor.
- You are now in the text editor for the .htaccess file. Place the following code into your htaccess so that it prompts the visitor for a login.
AuthName "name of login prompt"
The pagename should be the exact page in that directory, not an absolute path.
For example: /home/user/public_html/wp-login.php would just have wp-login.php in the .htaccess file in that directory.
- Before you save it, there are a few items to change. First, change '/path/to/htpasswd/file/.htpassword' to the actual path to your .htpassword file. For example, your path would look like /home/username/.htpassword (be sure to replace 'username' with your real cpanel username.)
- Second, change the AuthName to something meanignful. This is the title of the login prompt.
- Third, the file name needs to reflect the name of the page you are protecting. Change 'mypage.html' to the actual file name.
- Click on the Save Changes button at the top to save the file.
- Visit the page on your site to ensure that it is asking for the login. Once you log in, the site will likely not ask again when you return as the browser remembers your previous visit.
Support Center LoginOur Login page has moved, Click the button below to be taken to the login page.
Social Media Login
2015-08-11 9:56 am
Thank you for your support,
I did all these steps well, but the login don't accept my user/password.
2015-08-12 12:19 am
Can you post what you put in your .htaccess file so we can make sure you have all of the required information? You can modify anything that is considered sensitive such as your cPanel username.
2016-09-10 8:08 am
I did same thing step by step, and got this: Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator at firstname.lastname@example.org to inform them of the time this error occurred, and the actions you performed just before this error. More information about this error may be available in the server error log. Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
2016-09-12 10:42 am
Check any other existing rules, as they may be interfering with this one. It may be helpful to comment them out one-by-one.
2017-10-12 3:12 pm
I had similar "it didn't work" experiences. Turns out that my webhost has a much deeper path to the .htpasswd file. When I obtained their full absolute path, it worked.
For, example, instead of the path as I saw it starting at my webroot:
I needed to put the path from the root of the host web server:
AuthUserFile /home/content/xx/yyzz/html/security/.htpasswd Once I made that change, it worked fine.