Provided by KU Information Technology

Protect your website using a general username and password

If you are hosting your site on a KU web server (www2, web, people, groups), you have the option of using htpasswd to restrict access to your web pages. Doing this requires secure-shell access (ssh), which can be accomplished by running a program such as putty. The below are the steps you would take to create a folder called "secure" on your website that is password restricted.

Connect to your site using whatever web development client you use.

Create the folder you want to secure. In this example, we create a folder called "secure".

Create a new file in the folder "secure" called ".htaccess" (notice the period at the beginning of the filename) with the following information:
Note: make SURE you are in code view if you are doing this in not do this in design view
Note: username as referred to throughout this document is the login username your site resides under

AuthUserFile /home/username/.htpasswd 
AuthType Basic 
AuthName "Password Protected" 
Require valid-user

Save the above and "put" or upload it to the server.

Open up your ssh client (eg, putty) and connect to the webserver your site is on (,, or

Run the .htpasswd command by typing and substituting whatever username you want to create with "john".

htpasswd -c /home/username/.htpasswd john

If you would like to add additional usernames to this file, run the command:

htpasswd /home/username/.htpasswd dave

Set the correct permissions on these two files you created:

chmod 644 /home/username/.htpasswd 
chmod 644 /home/username/public_html/secure/.htaccess

Open up your new folder in a web browser and make sure the password protection exists.

Troubleshooting tips

Having a problem with a website?  Try these tips:

  1. Clear your web browser cache
  2. Restart your web browser
  3. Try a different browser (we recommend Firefox or Chrome)