How to Password Protect Your Entire Site

This tutorial will show you an easy way to password protect your entire site.

This technique is very useful for development sites, where you don't want users or Google to access your work.

Let's get started.

Step #1. Access your site's root

  • Using FTP or your host's file manager, navigate to the root folder that contains your site.
  • Usually, it's in the "public_html", "www" or "htdocs" folder.

Step #2. Create a htpasswd file in the root

Within the folder that your site is in, create a .htpasswd file (note the dot in front of the file name).

Within the file, put the following content:


And change the username and password to your liking. For the password, be sure to use some capitals and special characters.

Step #3. Modify your .htaccess file

At the top of your .htaccess file, add the following content:

AuthUserFile "/home/username/public_html/.htpasswd"
AuthName "Restricted Area"
AuthType Basic
require valid-user
RewriteEngine On
RewriteRule \.htpasswd$ - [F,L]

Replace /home/username/public_html/ with your actual path to the root folder.

Step #4. Check to make sure it works

Finally, navigate to the front-end of your site and make sure the login works. It should look similar to the following:

How to Password Protect Your Entire Site

That's it! That's all there is to it. Your site is now completely password protected on every page.

About the author

Nick is the Director of Support at OSTraining and you can find him in almost every area of the site, from answering support requests and account questions to creating tutorials and software.