Password Protecting Your Application Web Access (HTACCESS Lock)

There are two ways to password protect your application using htaccess.

Protecting an application through the WebEnabled web interface

  • Login to your account on
  • Find the application you want to password protect.
  • Click on the Manage link and the application info page will load with a list of actions on the right side.
  • Click on the HTACCESS Lock action.
  • Once the page loads you can choose to enter your own password or let one be generated for you.
  • Submit the form.

Enter a password and submit the form to lock your application from anonymous Web access.

Once the form is submitted successfully you will see a blue message at the top that tells you your application is now protected. Anyone browsing to the application from the Web will be required to enter the username and password before gaining access to the application.

Your application is now locked and users must enter the username and password to access it.

Note that this method of locking a application will only lock the entire application. It does not lock a particular directory within your application.

This creates a .htaccess entry in the public_html folder for the application. You may also modify this entry by logging in manually.

Protecting an application through SSH login (manual protection)

1. Login to the application using SSH.
2. Create your .htpasswd file by executing the following command.

$ htpasswd -mbc ~/.htpasswd [user] [password]

2. Using your favorite editor open/create .htaccess in the directory you wish to protect.
3. Add the following directives to the bottom of the file.

AuthUserFile "/home/clients/webapplications/w_user/.htpasswd"
AuthType Basic
AuthName "WebEnabled"
Require valid-user
Satisfy any
Order Deny,Allow
Deny from all

4. Alter the AuthUserFile directive to point to the directory where your .htaccess file is located.
5. Alter the AuthName to be whatever string you prefer.

Disabling Web Access Lock

Using your shell connection (or if your using a remote file browser in your favorite editor) you will need to edit ~/public_html/.htaccess and comment out the following lines with a # sign.

AuthUserFile "/home/clients/webapplications/w_user/.htpasswd"
AuthType Basic
AuthName "WebEnabled"
Require valid-user
Satisfy any
Order Deny,Allow
Deny from all

So now it will look like this:

#AuthUserFile "/home/clients/webapplications/w_user/.htpasswd"
#AuthType Basic
#AuthName "WebEnabled"
#Require valid-user
#Satisfy any
#Order Deny,Allow
#Deny from all

Please note: This is the default configuration that WebEnabled uses when setting up Web Access Lock using your dashboard. Users are free to setup locks on different directories within their document root. Because of this, the changes mentioned above will need to be made to a different .htaccess file if the lock was setup in a different folder.