What's WP
Find Everything Related to WordPress - Best Tutoriasl on WordPress!
Why and How to Password Protect Website?

Why and How to Password Protect Website?

As a WordPress user, you may create important folders on your server now and then. However, some of them are too private or secret to let others know. Under this condition, creating a password to protect a folder or even the whole site becomes emergency and necessary. Once you have successfully finished the process, only those who are authorized can get access to your private information.

If your site is a password safeguarded website only allowing permitted people to visit, then readers can encounter a pop-up format that asks for username and password before entering your website. In the following, we write the whole process step by step to ensure everyone can password protect website without much hassle.

Why Should You Password Protect Your Website?

Some people may feel confused that why should they create password and keep ordinary visitors away as traffic is the most important thing for a website. Actually, there are some situations that site managers need to password protect their website and only appointed ones to see it.

  • If you are going to change your site dramatically, then, you need to password protect is until it is ready to launch.
  • There may be important sections on your site and you only want some selected people to see it.

Password Protect A Folder

Sometimes, you may do not want to set the password for the whole website, but simply for some special folders. If you are in this situation, you can refer to your cPanel control panel to finish the process.

Go to your hosting account and log into cPanel. Scroll down and you can see a Password Protection Directories icon under Security category.

password protect directons

Click on the icon and a window will pop up and you are asked to select a directory to open (you should choose the one contains the targeted folder). Then, under the directory opened just now, you can see many folders there. Now, just choose the one you want to add password to and click on it.

open directory

Once you have chosen a folder, you are required to configure the Security settings and Create user. Make sure to select the check box of Password Protect This Directory. Then, set the name of the protected directory and click to save settings. Therefore, when a user accesses the protected directory through the web, they are prompted to enter a user name and password.

click save

After doing these, you need to navigate to Create User. In this part, you are going to fill in Username and New Password. Under all the blanks, there is a notification reading Add/Modify Authorized User. This button allows you to change user name, password and of course, create as many users as you want. Here, you create a password for a specified folder successfully.

create users

Password Protect the Whole Site

If you want the whole site is password protected, then you need to follow three steps: create a password file, create a .htaccess file, and upload the .htaccess file. You can check the detailed information as following.

Create a Password File

passwordTo password protect your website, the first thing is to create a pair of username and password for your site. Note that the password needs to be encrypted; therefore, you can go to htmlite’s htpasswd encryption page to create the password. Latter, set up a text file on your server and name it as .htpasswd. Then, copy and paste the built username and password to the newly created file.

After successfully establishing the file, the next step is to upload it to your website. If you are confused about how to upload a file, please read this article. Pay attention that you’d better keep the file away from the Web root where everyone can see it. However, if you fail to do this, then, try to change the file name into a complicated and irrelevant one such as .htthjsdh. In this way, it is not easy for people to discover it is a password file.

Create the .htaccess File

Now, you create a password file successfully. The following step is to inform your server using it to protect your website. To achieve this, you need to create the .htaccess file to order your server. Firstly, open a text editor and create a file named as .htaccess. Then, copy and paste the codes in below to the file.

Create Htaccess File

Note that the /full/path/to/.htpasswd means the full path to the .htpasswd file uploaded before. The path needs to be the whole process from the web server to the file, such as /home/password/.htpasswd.

Upload the .htaccess File

Now that the .htaccess file is created successfully, you need to upload it to your website. As our task is to protect the whole website; thus, we need to put the .htaccess file into the Web root folder. Then, your website can be password protected. Whenever people visit your website, they are asked for a username and password before getting to the web pages.


Due to the fact that the process to password protect your site can be operated easily with the cPanel control panel, we highly recommended you choose some web hosts that not only offer safe hosing service, but also provide customers with cPanel. Thus, we comprehensively reviewed dozens of hosting companies on the web and finally pick out the following three web hosts with rich features, high reliability, fast speed, responsive customer service, and affordable price.


Lucy has been a very experienced SEOer, technical writer, web developer, c# developer since 2002. Now she owns a startup in San Francisco, CA, focusing on running a couple of blogs to share knowledge and experience with global readers and deliver exceptional results to global sponsors by leveraging the power of Internet.