How to Restrict Website Access with Password Authentication Prompts

Restricting access to certain parts of your website can be very useful for a variety of reasons. You may have an intranet site that you only want employees to access. Or you may be selling digital products and want to limit access to paying customers.

Using password authentication prompts is one of the most common ways to restrict website access. Here is a step-by-step guide on how to set this up.

Why Restrict Access?

There are a few key reasons you may want to restrict access to parts of your website:

  • Protect sensitive information – By adding password authentication, you can ensure that only authorized users can access private or confidential data. This is especially important for intranet sites.
  • Sell access to premium content – If you charge for certain content like ebooks, courses, or software, requiring a login can ensure only paying customers get access.
  • Reduce bandwidth usage – Restricting access means less total traffic to those protected pages, which saves on hosting bandwidth costs.
  • Improve security – Requiring a login adds an extra layer of security compared to leaving pages completely public.

Methods to Restrict Access

There are a few different ways you can go about restricting access to pages on your site. Here are some of the most common methods:

1. HTTP Authentication

This uses an .htaccess file and .htpasswd file to prompt visitors for a username and password. It works well for simple password protection needs.

2. Password Protection Plugins

Plugins like Password Protected allow you to easily password protect pages and posts without needing to edit any code. This method is beginner friendly.

3. Membership Plugins

Membership plugins allow you to create an entire membership site, with tiered access levels, drip content, and more advanced functionality. Some popular options are MemberPress and WishList Member.

Out of these options, HTTP authentication is the most straightforward way to quickly add a password prompt to your site. So that is what we’ll cover in this guide.

Step 1 – Create an .htpasswd File

The .htpasswd file stores the username and encrypted password that visitors will need to enter. Here are the steps to generate this file:

  1. Connect to your server via SSH.
  2. Navigate to the root folder of your site. For example, cd /var/www/html/
  3. Run the following command, replacing username with the desired username:
   htpasswd -c .htpasswd username
  1. Enter a password at the prompt.
  2. Repeat steps 3-4 to add additional usernames/passwords if needed.

Step 2 – Create an .htaccess File

The .htaccess file contains the instructions to enable password authentication and point to the .htpasswd file. Here is the code:

AuthType Basic
AuthName "Restricted Area" 
AuthUserFile /path/to/.htpasswd
Require valid-user

Replace /path/to/ with the path to your .htpasswd file.

Step 3 – Upload Files and Test

Upload both the .htaccess and .htpasswd files to the root folder of your site. Then visit your site and you should be greeted with an authentication prompt.

Enter one of the usernames/passwords you set up to test it out. You should then be able to access the protected content.

Tips for Effective Password Authentication

Here are some additional tips when using password authentication:

  • Pick a descriptive name – In the .htaccess file, the AuthName can be customized. Pick something descriptive so users know what they are accessing.
  • Protect specific pages/folders – You can just password protect certain pages or subfolders instead of the entire site. Place the .htaccess/.htpasswd files there.
  • Allow IP address exceptions – Whitelist certain IP addresses so they don’t get the login prompt. Useful for your own IP when testing.
  • Automate adding users – Instead of manually adding each user to .htpasswd, use a script to automate it from a database.
  • Consider two-factor authentication – For better security, consider adding two-factor authentication via plugins.

Alternative Methods

If HTTP authentication doesn’t meet your needs, here are a couple alternative options:

Membership Plugins

As mentioned previously, WordPress membership plugins provide much more flexibility and advanced functionality than basic HTTP authentication.

With a membership plugin you can have:

  • Multiple access levels
  • Drip feed content over time
  • Discussion forums just for members
  • Discount pricing for members
  • And more…

So if you want to create a full-blown membership site, a plugin like MemberPress is a great choice.

Single Sign-On Solutions

For intranet sites, you may want to integrate with an existing single sign-on solution like Active Directory.

Plugins like MiniOrange allow you to easily integrate AD authentication or other SSO providers with WordPress.

This way employees can use the same login credentials they already have instead of needing a separate username/password just for your site.


Adding password authentication prompts is a straightforward way to restrict access for parts of your WordPress site.

By using an .htaccess and .htpasswd file, you can prompt visitors to login before viewing pages you want to protect.

Just remember to pick descriptive names, selectively choose what you want to protect, and optimize the user experience for accessing restricted content.

Restricting access with logins can help improve security, reduce bandwidth usage, sell premium content, and more.