Press "Enter" to skip to content

How to password protect any directory with .htaccess

There are two ways to protect any directory if you are using Apache Web Server. You can manually protect any directory with .htaccess, or using control panel Plesk Onyx. First I will show the easiest way to do it with Plesk Onyx. If you wish to have more options you should jump to manual protecting with .htaccess.

1. Login into your Plesk Onyx, choose a domain and click on “Password-Protected Directories”.

Plesk Onyx Password-Protected Directories

2. Click on “Add Protected Directory” and add directory name. For example /wp-admin.
Create a protected directory

3. After directory was successfully created it will appear on the list. Click on a selected directory and “Add a User“. Add username and password for selected directory. Create user for the protected directory

Now you are done and your directory is safe. This was the easiest way to do it if you wish to have more options you should do it manually.

Manual Method

1. You need to generate htpasswd file using this generator. Then you need to upload it outside /public_html or /httpdocs directory.

2. Now create .htaccess file and upload it for example in /wp-admin directory with this code:

AuthName “Restricted Access”
AuthUserFile /var/www/vhosts/yourdirectory/passwd
AuthGroupFile /dev/null
AuthType basic
require user YourUserName

You must update your username in there. Also, don’t forget to update the AuthUserFile location path.

3. You can deny visitors by IP address by adding next code in .htaccess file:

order allow,deny
allow from
deny from all

The above lines tell the Apache Web Server to block all visitors except those with the IP address ‘’, which you should replace with your own IP address.

    Leave a Reply

    Your email address will not be published.