There are times when working on a WordPress site that you might not want it accessible to the public. Perhaps you’re developing a site for a client, and you only want them to have access. An easy way to lock down your site is to password protect it. You can do this with our MyKinsta
.htpasswd tool which uses what is referred to as basic HTTP authentication.
Follow the steps below to enable password protection on your site.
How to Enable Password Protection on Your Site
.htpasswd tool adds password protection to your entire WordPress site, not just the WordPress admin. The tool is available for both live sites and staging environments.
If you’ve already asked us to add password protection on your site, our previous rules will override this tool. To disable the protection we manually added to your environment, please reach out to our support team.
Log in to the MyKinsta dashboard.
Click on the site that you want to enable password protection on.
Click on “Tools” on the left-hand side. Then scroll down and under “Password protection” click on “Enable.”
Choose a username and password for which you’ll use for authentication. You can easily generate a new password and copy it to your clipboard using the icons next to the password field. Then click on “Enable.”
We use Nginx at Kinsta. The tool creates a hidden file in the Nginx configuration of your site which stores your encrypted username and password.
You can then visit your WordPress site to ensure it’s working properly. When trying to access your site, you will see a “Sign in” box as seen below asking for your
.htpasswd credentials. Example in Google Chrome below. Simply enter in your username and password you set up in the tool and click on “Sign In.”
You will then be able to access your WordPress site for the remainder of your browser’s session.
Wrong Credentials or Canceling Prompt
If a wrong username or password is entered, the “Sign in” box will simply reappear. If the credentials prompt is closed or canceled, the user will be met with a “401 Authorization Required” message. The browser will return a 401 HTTP status code.
Alternate Prompts in Different Browsers
The security prompt might appear slightly different based on the browser you’re using. For example, in Mozilla Firefox, you will see an “Authentication Required” window.
In Safari the login prompt will look like this.
How to Change Credentials or Disable Password Protection
You can change the credentials or disable password protection at any time by going back to the
.htpasswd tool in the MyKinsta dashboard and clicking on the “Modify” button.
If you need to password protect just a portion of your site or even a specific page, check out our in-depth guide on WordPress password protection.
You can also open up a support ticket with our team if you need additional help. We’re here to help.
If you enjoyed this tutorial, then you'll love our support. All Kinsta's hosting plans include 24/7 support from our veteran WordPress developers and engineers. Chat with the same team that backs our Fortune 500 clients. Check out our plans