• 0

Password protecting a domain using .htaccess



hello dear experts, 

i am currently trying to achieve password protect a domain and all of it's subdirectories and files, but my knowledge on the matter is very limited, how can I go about doing that?

i want to do this for a wordpress site - in other words:; i want to passwordprotect a site ;  i guess that this is a simple two step process  - In the .htaccess i think i can put

AuthType Basic
AuthName "restricted area"
AuthUserFile /path/to/the/directory/you/are/protecting/.htpasswd
require valid-user

for the password generation i can use 

- the passwordgenerator of python or 
- the passwordgenerator of keepass or i also can make 
- use of http://www.htaccesstools.com/htpasswd-generator/ or simpliy 
- command line to generate password and put it in the .htpasswd

Note 1: i am using winSCP or filezila to put it to the server - btw. should i do more confifguration; e.g. configure in the security section "Password Protect Directories"

then propably we need to do a AllowOverride All to the directory of the .htaccess (or at least to previous ones) in http.conf followed by a apache restart

<Directory /path/to/the/directory/of/htaccess>
      Options Indexes FollowSymLinks MultiViews
      AllowOverride All

note:  what if i want to have this protection in a special way - so that i can 

- call the domain 
- open the passwordprotected site - and have access to the site for 2 or 3 hours 
- is this possible?!

note - generally i have learned that i can passwordprotect a directory served by Apache via  a .htaccess file in the directory we want to protect and a .htpasswd file that can be anywhere on our system that the Apache user can access (but put it somewhere sensible and private). 
is it a good idea to put .htpasswd in the same folder as .htaccess. The .htaccess file for the wordpress already exists:  if it would not exixt i should have to create it and insert:

AuthType Basic
AuthName "Your authorization required message."
AuthUserFile /path/to/.htpasswd
require valid-user

Then we should create a .htpasswd file using whatever username and password we want.  And yes: The password should be encrypted. 

note: i am on a Linux server, - well here we can use the htpasswd command which will encrypt the password for us. Here is how that command can be used for this:

htpasswd -b /path/to/password/file username password

the question is: how to achive that: what if i want to have this protection in a special way - so that i can 


- call the domain 
- open the passwordprotected site - and have access to the site for 2 or 3 hours 
- is this possible?!

Link to post
Share on other sites

1 answer to this question

Recommended Posts

  • 0



- well i probably can take a wp-plugin --... since all i want to protect is a wp-site itself.. what do you say bout this following plugin .. and its concepts:


How to Restrict WordPress Site Access by IP or Logged In ...






- Adds a number of new configuration options to the Reading settings panel as well as the Network Settings panel in multisite. From these panels you can:

- Enable or disable site restriction

- Change the restriction behavior: send to login, redirect, display a message, display a page

- Add IP addresses to an unrestricted list, including ranges

- Quickly add your current IP to the unrestricted list

- Customize the redirect location, including an option to send them to the same requested path and set the HTTP status code for SEO friendliness

- Define a simple message to show restricted visitors, or select a page to show them – great for „coming soon“ teasers!




Protecting my development and test sites with this Plugin has been part of my workflow for a long time. 

It’s simple, effective and elegant–works so seamlessly that I forget it’s not just part of core WordPress. 
I’m delighted to see the authors are continuing to actively support it as is evidenced by the “Under 
the hood refactoring and clean up for performance and maintainability” in the latest maintenance releas

this plugin is briliant if you want to launch a new site of work on an existing one. 
You simply generate a new ‘coming soon’ page with your favorite page builder and point to it. 
You add your IP (and everyone else’s you want to give access to) and you can savely test processes on the live url, 
with everybody else being denied access.

great plug-in to restrict site access by IP address.
I’m glad I found this useful and easy to use plug-in (settings through Dashboard, Settings, Reading, below)

After trying a few plugins who gave a lot of really advanced options. And took too long for my attention span to get 
it working. This charming little plugin came in. And all was well.

am a divi user and this plugin allows me to create my maintenance pages with the builder. Very nice !
I am staging on the internet and wanted to hide my development. This works perfectly. most construction page plugins are very limited in what they do. with this plugin you can put your old html site into a subfolder while contructing your stunning wordpress pages by redirecting visitors to the subfolder. works like a charme



....well after all this sound interesting . guess that i will  give it a try



Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.