🔐 How to password protect a specific page in Apache, Nginx, WordPress, hosting?

You may have some kind of confidential page that you want to password protect. Let’s take a look at how to do this on various instruments.

It is possible and very simple.

Why password protect a web page?

There can be many reasons, including:

  • Confidential data on the page
  • The page is not ready and you don’t want to make it public, but you want to share it with someone specific.

Whatever it is, let’s take a look at how you can protect your data.


Let’s take an example.

I want to protect / client on lab.itsecforu.ru, which means that if anyone gains access to https://lab.itsecforu.ru/client, the system must ask for a password.


Let’s start with Apache first.

The first thing we need to create is a password file that will store all of the credentials. The file name will be .htpasswd and you can place it anywhere on the server. I will create it in / etc / httpd / conf.

You can create a file using the touch command:

touch /etc/httpd/conf/.htpasswd

Let’s add a user who will be allowed access to / client. To do this, we need to use the htpasswd command.

htpasswd /etc/httpd/conf/.htpasswd itsecforu

The last section of itsecforu is the username.

Change it and press Enter.

htpasswd /etc/httpd/conf/.htpasswd itsecforu
New password:
Re-type new password:
Adding password for user itsecforu

If you open the file, you will notice that the password is stored in an encrypted format.

 cat /etc/httpd/conf/.htpasswd

Next, we need to instruct Apache to protect the URI we want. Modify the httpd.conf file or the configuration file you are using for your Apache instance. I am using the default installation so I am using /etc/httpd/conf/httpd.conf Add the following anywhere in the file

<Directory "/var/www/html/client">
Options Indexes FollowSymLinks
AuthType Basic
AuthName "Protected Content for Client"
AuthUserFile /etc/httpd/conf/.htpasswd
Require valid-user

If you already have the / var / www / html / client directive, then instead of adding a new section, you should simply add the following to the existing directive.

AuthType Basic
AuthName "Protected Content"
AuthUserFile /etc/httpd/conf/.htpasswd
Require valid-user

Restart Apache

service httpd restart

Try to access the / client page and it should ask for a password. Enter the credentials you set up earlier to view the content.


Let’s implement basic authentication in Nginx as follows.

We’ll need Apache Utils help to create credentials.

If Apache HTTP is not installed on the server, you need to install the utilities separately as shown below.

If unsure, you can run htpasswd to see if it works.

If it doesn’t, then you know that you need to install it.

CentOS / RHEL 8

dnf install httpd-tools

CentOS / RHEL 7

yum install httpd-tools


apt-get install apache2-utils

Let’s create credentials in the same way as we did in Apache.

htpasswd -c /etc/nginx/.htpasswd itsecforu

Don’t forget to replace itsecforu with the real username you want. Next, we need to configure Nginx to restrict a specific URI with a password.

  • Let’s say we need to protect / admin URI
  • Add the following to nginx.conf file or other active nginx config file
location /admin {
auth_basic "Admin Area";
auth_basic_user_file /etc/nginx/.htpasswd;

Reload Nginx

What if you need to restrict the serving of your entire website through Nginx?


Add the following to nginx.conf or active config file in location / {directive

auth_basic "Admin Area";
auth_basic_user_file /etc/nginx/.htpasswd;


There are many platforms that offer user-friendly tools and SiteGround is one of them.

If you are using SiteGround to host your website, you can easily secure the URL from the admin console.

Let’s say you are using WordPress and you need to secure / wp-admin.

  • Login to SiteGround and go to the site where you need to enable Basic Authentication.
  • Click Security >> Protected URLs >> Users
  • Enter username and password to create credentials

Next, we’ll secure wp-admin with the credentials we just created.

  • Go to URLs tab
  • Enter wp-admin in the path and click protect
  • Click on “Manage Access” and assign the user you just created.

Try to access the page and SiteGround will prompt you for your credentials.


Are you using WordPress and want to password protect a specific post, page, category, role, or an entire site?


Meet PPWP (WordPress password protection plugin)

Install the plugin and configure how WordPress resources are protected.

This works with page builders like Elementor, Divi, Beaver.

Also, if you want a simple password protected post or page, you can take advantage of the built-in WP feature.

No plugins are required for this.

  • Go to the post or page where you want to enable a password.
  • In the Publications section, click Edit next to Visibility: Public
  • Select Password Protect and enter your password.

🔐 How to password protect a specific page in Apache, Nginx, WordPress, hosting?

Click OK and you’re done!

Looking for more ways to protect WordPress?

Check out these guides:

🌍 13 Security Best Practices to Protect Your WordPress Site

Security, performance and analytics for WordPress top 1 million sites

Top 5 security loopholes in WordPress websites

How to create an activity log for WordPress sites (and why you should)

How to back up a WordPress site on Linux

How to Recover a Website When WordPress Hacked

How to fix a broken https WordPress site over SSH

🌐 How to disable access to Xmlrpc.php in WordPress

🤖 6 ways to ban and banish bots from your site

🌐 How to change WordPress admin url to prevent brute force attacks?

🌐 WPintel: A Chrome extension designed to scan for WordPress vulnerabilities and collect information

⚓ How to block unwanted User-Agent & Sources in Apache, Nginx and WordPress?


If you are on shared hosting, then most likely you will have cPanel.

The good news is that cPanel offers a utility called Directory Privacy; from there you can set a password for the directory.

Select the folder you want to protect.

As shown below, I selected a folder called chandan which is in public_html

🔐 How to password protect a specific page in Apache, Nginx, WordPress, hosting?

After that, you will notice that the folder is locked.


I hope this helps you protect a specific URI, password folder with basic authentication.

If you are looking for comprehensive website security, you should consider implementing a WAF.