htpasswd Protection

When working on a WordPress site, there may be times when you may not want it to be accessible to the public. Perhaps you’re developing a site for a client and only want that client to have access. A relatively easy way to lock down your site is to password protect it. You can do this with our MyKinsta .htpasswd tool, which uses what is referred to as basic HTTP authentication.

Follow the steps below to enable password protection on your site.

How to Enable Password Protection on Your Site

Our .htpasswd tool adds password protection to your entire WordPress site, not just the WordPress admin. The tool is available for both live sites and staging environments.

  1. Log in to MyKinsta.
  2. Go to WordPress Sites and click on the site that you want to enable password protection on.
  3. Click on Tools on the left-hand side. Then scroll down and under Password protection and click the Enable button.
    Enable .htpasswd protection.
    Enable .htpasswd protection.


  4. In the Enable password protection modal/pop-up that appears, enter a Username and Password to use for authentication. To generate a new password and copy it to your clipboard, use the refresh (redo) and copy icons next to the password field. Then click the Enable button.
    .htpasswd username and password
    .htpasswd username and password
  5. You can then visit your WordPress site to ensure it’s working correctly. When trying to access your site, you will see a modal/pop-up asking for your Username and Password. Enter the Username and Password you set up in the Password protection tool in MyKinsta, and click the Sign In button.
.htpasswd authentication prompt
.htpasswd authentication prompt

You will then be able to access your WordPress site for the remainder of your browser’s session.

.htpasswd successful authentication
.htpasswd successful authentication

Wrong Credentials or Canceling Prompt

If a wrong username or password is entered, the modal/pop-up will reappear. If the credentials prompt is closed or canceled, the browser will return a 401 HTTP status code, and the user will see a “401 Authorization Required” message.

Nginx 401 authorization required error in Chrome
Nginx 401 authorization required error in Chrome

Alternate Prompts in Different Browsers

The security prompt may appear slightly different, depending on your browser. In Chrome, the modal/pop-up is titled Sign in (as shown above).

In Mozilla Firefox, it will be an Authentication Required modal/pop-up.

Authentication required prompt in Firefox.
Authentication required prompt in Firefox.

In Safari, it will be a Log in to… modal/pop-up.

.htpasswd login prompt in Safari
.htpasswd login prompt in Safari

How to Change Credentials or Disable Password Protection

You can change the credentials or disable password protection anytime by going back to the .htpasswd tool in MyKinsta and clicking on the Modify button.

Change or disable Password protection.
Change or disable Password protection.

If you need to password protect just a portion of your site, a specific page, or further customize logins, check out our in-depth guide on WordPress password protection.

You can also open a new chat with our Support team if you need additional help. We’re here to help.

Was this article helpful?