Password Protecting a Laravel Site Using .htaccess

Authentication Deployment

Committed to the LaraBrain by: wjgilmore (@wjgilmore) at October 20, 2015 1:14 pm

Password protecting a Laravel site is easy using a simple server utility

I always try to deploy site prototypes as early on in the development process as possible so as to encourage ongoing client feedback. Often these sites aren't yet ready for public consumption and so I immediately password protect them in order to prevent uninvited humans and search engines alike from visiting. htpasswd offers a particularly simple solution for doing so, with no additional programming required.

The htpasswd command is almost certainly available on any hosting provider offering shell access (and additionally via web-based administration consoles such as cPanel). You'll execute the command, passing along the location in which the .htpasswd file will reside and the account username. For instance, in the following example I'm creating the .htpasswd file in the directory /home/dh/, and identifying the account username as admin:

$ htpasswd -c /home/dh/ admin
New password:
Re-type new password:
Adding password for user admin

Once executed, you'll be prompted to create and confirm a password for the designated account. After doing so, the .htpasswd file will be created, and its contents will look like this:


Next, open your Laravel project's .htaccess file and add the following four lines:

AuthUserFile /home/dh/
AuthType Basic
AuthName "Super Secret Site"
Require valid-user

These lines inform the web server of the .htpasswd file location, the authentication type, and indicate a valid user is required. After saving these changes, return to your deployed site and reload the page. You'll be prompted to authenticate using the designated account!