There are times when working on a WordPress site that you might not want it accessible to the public. Perhaps you’re developing a site for a client, and you only want them to have access. An easy way to lock down your site is to password protect it. You can do this with our MyKinsta .htpasswd tool which uses what is referred to as basic HTTP authentication.

Follow the steps below to enable password protection on your site.

How to Enable Password Protection on Your Site

Our .htpasswd tool adds password protection to your entire WordPress site, not just the WordPress admin. The tool is available for both live sites and staging environments.

Important

If you’ve already asked us to add password protection on your site, our previous rules will override this tool. To disable the protection we manually added to your environment, please reach out to our support team.

Step 1

Log in to the MyKinsta dashboard.

Step 2

Click on the site that you want to enable password protection on.

MyKinsta site

MyKinsta site

Step 3

Click on “Tools” on the left-hand side. Then scroll down and under “Password protection” click on “Enable.”

Enable .htpasswd protection

Enable .htpasswd protection

Step 4

Choose a username and password for which you’ll use for authentication. You can easily generate a new password and copy it to your clipboard using the icons next to the password field. Then click on “Enable.”

.htpasswd username and password

.htpasswd username and password

We use Nginx at Kinsta. The tool creates a hidden file in the Nginx configuration of your site which stores your encrypted username and password.

Step 5

You can then visit your WordPress site to ensure it’s working properly. When trying to access your site, you will see a “Sign in” box as seen below asking for your .htpasswd credentials. Example in Google Chrome below. Simply enter in your username and password you set up in the tool and click on “Sign In.”

.htpasswd authentication prompt

.htpasswd authentication prompt

You will then be able to access your WordPress site for the remainder of your browser’s session.

.htpasswd successful authentication

.htpasswd successful authentication

Wrong Credentials or Canceling Prompt

If a wrong username or password is entered, the “Sign in” box will simply reappear. If the credentials prompt is closed or canceled, the user will be met with a “401 Authorization Required” message. The browser will return a 401 HTTP status code.

Nginx 401 authorization required error in Chrome

Nginx 401 authorization required error in Chrome

Alternate Prompts in Different Browsers

The security prompt might appear slightly different based on the browser you’re using. For example, in Mozilla Firefox, you will see an “Authentication Required” window.

Authentication required prompt in Firefox

Authentication required prompt in Firefox

In Safari the login prompt will look like this.

.htpasswd login prompt in Safari

.htpasswd login prompt in Safari

How to Change Credentials or Disable Password Protection

You can change the credentials or disable password protection at any time by going back to the .htpasswd tool in the MyKinsta dashboard and clicking on the “Modify” button.

Change or disable .htpasswd

Change or disable .htpasswd

If you need to password protect just a portion of your site or even a specific page, check out our in-depth guide on WordPress password protection.

You can also open up a support ticket with our team if you need additional help. We’re here to help.

6
Shares