There are times when working on a WordPress site that you may not want it accessible to the public. Perhaps you’re developing a site for a client, and you only want them to have access. A relatively easy way to lock down your site is to password protect it. You can do this with our MyKinsta .htpasswd tool, which uses what is referred to as basic HTTP authentication.

Follow the steps below to enable password protection on your site.

Prefer to watch the video version?

How to Enable Password Protection on Your Site

Our .htpasswd tool adds password protection to your entire WordPress site, not just the WordPress admin. The tool is available for both live sites and staging environments.

Step 1

Log in to MyKinsta.

Step 2

Click on the site that you want to enable password protection on.

Select your site in MyKinsta.
Select your site in MyKinsta.

Step 3

Click on Tools on the left-hand side. Then scroll down and under Password protection and click the Enable button.

Enable .htpasswd protection
Enable .htpasswd protection

Step 4

in the Enable password protection modal/pop-up that appears, enter a Username and Password to use for authentication. To generate a new password and copy it to your clipboard, use the refresh (redo) and copy icons next to the password field. Then click the Enable button.

.htpasswd username and password
.htpasswd username and password

Step 5

You can then visit your WordPress site to ensure it’s working correctly. When trying to access your site, you will see a modal/pop-up asking for your Username and Password. Enter the Username and Password you set up in the Password protection tool in MyKinsta, and click the Sign In button.

.htpasswd authentication prompt
.htpasswd authentication prompt

You will then be able to access your WordPress site for the remainder of your browser’s session.

.htpasswd successful authentication
.htpasswd successful authentication

Wrong Credentials or Canceling Prompt

If a wrong username or password is entered, the modal/pop-up will reappear. If the credentials prompt is closed or canceled, the browser will return a 401 HTTP status code, and the user will be met with a “401 Authorization Required” message.

Nginx 401 authorization required error in Chrome
Nginx 401 authorization required error in Chrome

Alternate Prompts in Different Browsers

The security prompt might appear slightly different based on the browser you’re using. In Chrome, the modal/pop-up is titled Sign in (as shown above).

In Mozilla Firefox, it will be an Authentication Required modal/pop-up.

Authentication required prompt in Firefox
Authentication required prompt in Firefox

In Safari, it will be a Log in modal/pop-up.

.htpasswd login prompt in Safari
.htpasswd login prompt in Safari

How to Change Credentials or Disable Password Protection

You can change the credentials or disable password protection at any time by going back to the .htpasswd tool in MyKinsta and clicking on the Modify button.

Change or disable .htpasswd
Change or disable .htpasswd

If you need to password protect just a portion of your site or even a specific page, check out our in-depth guide on WordPress password protection.

You can also open a new chat with our Support team if you need additional help. We’re here to help.