Password Protect with htpasswd without htaccess (apache)

In this post, we’ll quickly go over password protecting your site with htpasswd and apache2, by passing htaccess altogether.


This post assumes you have a working LAMP Stack – or something close.


Open up your vhosts file. It should be located in /etc/apache2/sites-available/yoursite.conf where yoursite.conf is the vhost file with your property that needs password protection.

sudo nano /etc/apache2/sites-available/yoursite.conf


Update the <Directory /> block. You should change the Require all granted to Require valid-user. It should look somewhat similar to:

<Directory /site/dir/>
	AuthType Basic
	AuthName "Authentication Required"
	AuthUserFile "/path/to/.htpasswd"
	Require valid-user


Install htpasswd

If you don’t already have the apache2-utils installed, we’ll do so now, as that allows you to create a htpasswd user and password:

sudo apt-get install apache2-utils


Create a user and password

For these purposes, we’ll create a simple user: username with a password: password. You should change this to something more secure.

htpasswd -c /path/to/.htpasswd username

Follow the prompts for password creation and you’ll be done.


Already have an htpasswd user? See: Add User and Password to Existing htpasswd

Leave a Reply

Your email address will not be published. Required fields are marked *