Password Protect ― Secure Your Webpages Without .htaccess

Mar 13, 2011 by

Password Protect used on PICUP for Files Alpha release

When creating and testing a website, especially ones containing server scripting such as PHP or ASP.NET, you will need your page(s) to be on your web-server but you may not want anyone else to have access to the site. There are some methods but all others I have tried have had flaws. You can do it with JavaScript, but since it is a browser script, it can easily be bypassed by turning off JavaScript or viewing the source. You can do it with .htaccess, but I find it unreliable and requires encryption and a knowledge of .htaccess syntax. You can also do it with PH and SQL, but this requires a knowledge of PHP and SQL and is too complicated.

While the PHP and SQL method is very reliable if you have a basic knowledge of PHP and know how to create user tables in SQL databases, the entire process may be time consuming and the site may not have permissions to access your database. After trying all of these methods, I stumbled upon, and found a free web page protection script.

Password Protect is free to use and written in PHP with easy to follow “normally written” directions so that little to no knowledge of PHP is required.


  1. Download the script here.
  2. Upload password_protect.php to the directory containing the files you would like to protect.
  3. Navigate to /password_protect.php in your web browser with the help parameter. (
  4. You will then recieve a code that looks similar to this: <?php include("password_protect.php"); ?> or wherever the file is located. Copy this to the very beginning of every file you wish to protect.
  5. Open up password_protect.php and follow the commented instructions on adding users and passwords. You will also be given code for a logout button, as well as options for session timeouts.
  6. Open up the protected page and if the installation was successful, you should be able to login with the credentials you specified in the PHP file.

When your site is ready for public release, just delete the code placed at the beginning of the protected pages and delete password_protect.php from your web server.

Check out the other free scripts at

Related Posts


Share This