University of Minnesota

December 09, 2005

How do I password protect my blog?

Of all the suggestions I receive for desired features on UThink, by far the number one suggestion is the ability to password protect your blog. Well, thanks to the upgrade, this is now possible. However, before we begin I must warn you that for some this will not be easy. Some of you will find these instructions to be the equivalent of ancient Greek. I will try to do my best to make them as easy to understand as possible. One more thing, these instructions are for PC users only. They may work for the Mac, but I cannot guarantee it. Please let me know if you can get this to work for the Mac platform.

While it would be nice if Movable Type had password protection capabilities built into its interface, the fact of the matter is it doesn't. So we have to work around that. What we'll be using is the Apache web server's built-in capability to password protect a directory. In order to password protect the directory that your blog sits in you must create two files: a ".htaccess" file and a ".htpasswd" file. And yes, you read that correctly, each file name begins with a dot (".").

The trouble with these two files is that you cannot create them with Word or Notepad. You must use a text editor that strips out all the extra encoding stuff that Microsoft wants to put into a file. You may be able to use an HTML editor that you already have on your computer, or you can try to download a free/trial version of a Notepad replacement. I would recommend either EditPad Lite or the free Notepad++. If you aren't sure of what to do, just download Notepad++ and carry on with the instructions below.

With your text editor, create a new file. This will be the ".htaccess" file. It should have the following text:

AuthUserFile /htdocs/blog/[your Internet ID]/[your blog directory name]/.htpasswd
AuthName "You gotta log in"
AuthType Basic
Allow from all
Require valid-user

Replace the parts that say [your Internet ID] and [your blog directory name] with your Internet ID and the name of the directory right after your Internet ID in your blog's URL. (You may also want to replace the text "You gotta log in"!) For example, my test blog has the URL: So, I would create an .htaccess file that looks like this:

AuthUserFile /htdocs/blog/snackeru/test/.htpasswd
AuthName "You gotta log in"
AuthType Basic
Allow from all
Require valid-user

Save this file somewhere on your computer where you'll be able to find it again, like your desktop. We will be uploading this file to your blog later.

Now we need to create your ".htpasswd" file. You'll note that this file is referred to in the .htaccess file above. The first thing you'll need to do for this file, though, is generate a username and password. For this task, we will need to use an htaccess password generator because this method requires that your password is encoded into something unrecognizable. Confused? Don't worry about it, just use the htaccess password generator to pick a username and password and follow the instructions below.

Let's say I want to create a username of "goldy" and a password of "gopher." Using the htaccess password generator I might get a line of text that looks like this:


Take your line and in your text editor create a new file and paste that line in. Save your file as ".htpasswd" in the same place as you saved your .htaccess file.

Still with me? You should have two files, a .htaccess file and a .htpasswd file. Now we will upload them to your blog directory. Log in to UThink and enter the blog that you want to password protect. Click on "Upload File" in the left-hand menu and upload your two files one at a time:

Upload files

Since you aren't creating a new entry or a link with these new files, just exit out of the next screen. Once you have them both uploaded, go to your blog home page and test it out.
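The two files can be checked on your own computer before they are uploaded. The following is an added example, not part of the original post: it flags editor artifacts (byte order mark, RTF, UTF-16) that leave Apache unable to parse the file, which it reports as an Internal Server Error, and .htpasswd lines whose password does not look hashed. The function names and the sample bytes are constructed for illustration.

```python
import re

# Directives used by the .htaccess shown in the post.
REQUIRED = ("AuthUserFile", "AuthName", "AuthType", "Require")
# Shapes of hashed entries Apache reads: MD5 ($apr1$), SHA-1 ({SHA}),
# bcrypt ($2y$, Apache 2.4 and later) and 13-character crypt().
HASHED = re.compile(rb"\$apr1\$[^$]{1,8}\$[A-Za-z0-9./]{22}|\{SHA\}[A-Za-z0-9+/]{27}="
                    rb"|\$2y\$\d\d\$[A-Za-z0-9./]{53}|[A-Za-z0-9./]{13}")
# Byte patterns left behind by editors that do not save plain text.
ARTIFACTS = (
    (rb"\A\xef\xbb\xbf", "UTF-8 byte order mark"),
    (rb"\A\{\\rtf", "RTF document, not plain text"),
    (rb"\x00", "NUL bytes (UTF-16 or binary file)"),
    (rb"\r(?!\n)", "bare CR line endings"),
    (rb"[\x7f-\xff]", "non-ASCII bytes"),
)

def encoding_problems(data: bytes) -> list:
    return [label for pattern, label in ARTIFACTS if re.search(pattern, data)]

def check_htaccess(data: bytes) -> list:
    found = encoding_problems(data)
    # First word of every non-empty line, compared case-insensitively.
    seen = {p[0].lower() for p in map(bytes.split, data.splitlines()) if p}
    found += [f"missing {d}" for d in REQUIRED if d.lower().encode() not in seen]
    return found

def check_htpasswd(data: bytes) -> list:
    found = encoding_problems(data)
    for number, line in enumerate(data.splitlines(), 1):
        user, colon, secret = line.strip().partition(b":")
        if not line.strip():
            continue
        if not (user and colon):
            found.append(f"line {number}: not in user:hash form")
        elif not HASHED.fullmatch(secret):
            found.append(f"line {number}: password does not look hashed")
    return found

# Constructed samples: the post's .htaccess saved with a byte order mark,
# and an .htpasswd line that holds the password in clear.
BOM_HTACCESS = (b"\xef\xbb\xbfAuthUserFile /htdocs/blog/snackeru/test/.htpasswd\n"
                b'AuthName "You gotta log in"\nAuthType Basic\n'
                b"Allow from all\nRequire valid-user\n")
CLEAR_HTPASSWD = b"goldy:gopher\n"

if __name__ == "__main__":
    print(check_htaccess(BOM_HTACCESS), check_htpasswd(CLEAR_HTPASSWD))
```

An empty list from both functions means no problem was found. The hash test is a shape check only, so a clear-text password that happens to be 13 characters long passes it.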

If you would like to see how this works, check out my test blog snackeru playground. Use the username/password "goldy/gopher." Let me know if you have any difficulty.

Now, there is a pretty good chance that you will have difficulty with this, or that after you get it to work you may at some point want to take your password protection away (or change your password). In that case, you may want to delete your .htaccess and .htpasswd files. To delete files on your blog (and view all the files in your blog directory) use the "List Blog Files" tool located in the left-hand menu of Movable Type. You may delete files one at a time, or multiple files at once.

Anyway, that is how you add password protection to your blogs, at least for the immediate future. As new plugins are developed for Movable Type we will hopefully be making this process easier. Until then, let me know if this works for you!

UPDATE 3/3/2006: It is also recommended that you alter your RSS 2.0 template if you use the above method to password protect your blog. The RSS 2.0 template has a command that looks for various media you may be uploading to your blog, and the directory-level password protection can sometimes cause an error in this function.

To fix this, log in to UThink, click on Templates, and then click on the RSS 2.0 template. Find the line that says:


Take it out and rebuild. What this tag basically does is allow for podcasts. If you are password protecting the directory, you have taken away the capability to podcast from your blog anyway.

Posted by snackeru at December 9, 2005 10:22 AM

Hey, Shane, I have a Mac and I tried it. It didn't work...when I tried to view my blog, I got this:

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Apache/1.3.31 Server at Port 80

Posted by: Clancy at December 11, 2005 04:39 PM

I figured out how to do this from a Mac. There are two little tricks involved:

The problem is that any file that begins with a "." is hidden by Mac OS X. There are a bunch of free apps, such as InVisibles, that will allow you to view (and edit and create) invisible files in the Finder. So download and run InVisibles, and then once you've made invisible files visible, you can create a plain text document in TextEdit (in other words, make sure you select "Make Plain Text" from the Format menu) and save them as ".htaccess" and ".htpasswd". Make sure you don't let TextEdit add an extension to it for you if you have the "Hide Extension" option selected.

The next part is a bit tricky too: for some reason making invisible files visible in the Finder does not make them visible in the Open/Save dialog boxes in your web browser. So you have to use Firefox or Mozilla, not Safari, and then when you're uploading your files manually type in the path to those files. For example, if they're on your desktop: "/Users/yourusername/Desktop/.htpasswd". Then just click upload and it should work!

Posted by: Jon at December 22, 2005 10:33 PM

I think it is a very good idea to have a password to protect everyone after they write something.
Anna :)

Posted by: Anna at January 16, 2006 02:23 AM