How to password protect a single file with htaccess
The .htaccess file is a powerful tool where many behind the scene things are handled. In addition to things such as forcing a specific url formatting, it can also help with access to certain pages. Many sites have members only areas of their websites. These are either coded to check against a database with languages such as php, or grouped together into a single subfolder that is password protected via the cPanel.
There are times, however, when you may only want to password protect a single page that is in an otherwise public folder. Perhaps the program you built your site with does not create subfolders, such as the Premium Website Builder, and moving a file to a protected area would break the links on the site. This is where the htaccess file can help. Follow the instructions below as we guide you through password protecting a single file via your htaccess file.
Password protecting a single file on your website:
- First we want to create a username and an encoded password that we will use for the login. This is not done directly in the cpanel, but from a site on the web that can encode the word you want to use as your password. There are many sites that have scripts to do this. The link we have here is from 4WebHelp.net which is a webmaster tools site.
- From the site link, copy and paste the code it gives you to a text editor as you will need it later. For reference, the format of the code it gives you is username:encoded_password.
- Next, you want to log into your cPanel.
- Find the Files category and click on the File Manager icon.
- A popup box will appear. We need to make a quick stop in the Home directory so we can create a file that is not accessible directly from a web browser. Select the Home Directory option. Also ensure the Show Hidden Files option is checked. From there, click on the Go button at the bottom.
- You are now in the home directory of the hosting account. The home directory is not accessible from the web via a URL, so it is more secure. We want to create a password file here that will be used to check access for users trying to get to the file we are going to protect. You will want to create a new text file. To do so, find the New File icon from the top menu bar and click it.
- A popup will appear, asking to name the file. Here we named it .htpassword (Note that the filename begins with a period. This is intentional as it makes the file hidden.) Below that is a field to enter a path to store the file. Leave it blank so it will default to the root folder. Click on Create New File to continue.
- The new file is now in your account. In the right hand pane, scroll down until you find the file, then right click on it. Click on the Edit option from the menu that appears. A popup will appear, simply click on the Edit button in the lower right to continue.
- We are now in the editor. Cut and paste the username and password code you were given before. Keep the code as a single line and do not edit it. Click on the Save Changes button to save the file.
- Now, we want to move to the root folder for your domain and alter the .htaccess file so that visitors are challenged with the login prompt. If you are working with the primary domain, double click on the public_html folder to enter. For addon domains, double click on the public_html folder and then find the subfolder that is the root for the domain and double click that one to enter its root. For our example, we are using the primary domain. Locate the .htaccess file and right click it as you did before with your password file. This also brings up a menu. Find and click on the Edit option. If you get a popup box, simply find and click the Edit button in the lower right corner to continue to the editor.
- You are now in the text editor for the .htaccess file. Place the following code into your htaccess so that it prompts the visitor for a login.
AuthName "name of login prompt"
The pagename should be the exact page in that directory, not an absolute path.
For example: /home/user/public_html/wp-login.php would just have wp-login.php in the .htaccess file in that directory.
- Before you save it, there are a few items to change. First, change '/path/to/htpasswd/file/.htpassword' to the actual path to your .htpassword file. For example, your path would look like /home/username/.htpassword (be sure to replace 'username' with your real cpanel username.)
- Second, change the AuthName to something meanignful. This is the title of the login prompt.
- Third, the file name needs to reflect the name of the page you are protecting. Change 'mypage.html' to the actual file name.
- Click on the Save Changes button at the top to save the file.
- Visit the page on your site to ensure that it is asking for the login. Once you log in, the site will likely not ask again when you return as the browser remembers your previous visit.