Password protect a web page

Here is the code you can use to password protect a web page quickly and easily.

If the web page you wish to password protect is an HTML page, open it in a text editor and save it as a PHP page.

Copy and paste this code at the very top of the page you have open in a text editor:

<code><?php  // Define your username and password  
$username = "someuser"; 
$password = "somepassword";  
if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) {  ?>
<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">     
<p><label for="txtUsername">Username:</label>     
<br /><input type="text" title="Enter your Username" name="txtUsername" /></p>    
<p><label for="txtpassword">Password:</label>    
<br /><input type="password" title="Enter your password" name="txtPassword" /></p>     
<p><input type="submit" name="Submit" value="Login" /></p>  
<?php  }  else {  ?>  
<p>This is the protected page. Your private content goes here.</p> 
<?php  }  ?> </code>


First, you will obviously need to define the username and password that you want to use to protect the page.

Next, replace the text that says “This is the protected page…” in the code you just added to your page with the content of the web page that you want to be password protected.

You can password protect just one particular part of your web page if you want to by copying and pasting the code above into wherever on your web page you want to password protect, as long as the web page is a php page. See this post for an example of a web page with only part of it’s content password protected.

Note: if you are trying to password protect just one section of your web page, please refer to my next post on how to password protect part of a web page.

  • Pingback: Password protect one section of a web page « I Code 4 You()

  • Barbie

    I’m having trouble getting the login to go to

    When I publish the site, it shows underneath the login as well.

    This is my code

    <form name="form" method="post" action="”>


    • Libby Fisher

      Hi Barbie,

      I am having trouble understanding what the issue is exactly. Please feel free to email me at if you want to discuss the issue further. Thanks!

  • Little Cloud

    HI Libby! Thanks for the code… I’ve been searching for a while now for something like this! Even years after you’ve wrote it, it’s still very useful :) I’m hoping you can still help me with something. I followed your instructions (being a novice/hobbiest php dabbler) and came up with an issue. The script works fine at the beginning – it shows a login form exactly where I want it, with the content protected.

    Now I’m embedding the code on an index.php file that’s located in one of a few module folders that are linked to the site’s menu items (from what I can tell). I’ basically uploaded a an open source budget script to my server, Expense Management by Webproject Builder: I’m basically volunteering my time to help out a 12 Step Group that deal with addictions to manage their small group cashflow.

    So for example, the url I’m on is ‘’. I’m trying to hide settings from multiple users that will be using the budget program. When I enter my credentials in the login form and press enter (or click Login), it seems to refresh and go to ‘’ (the file I have your code on) and then go to ‘’, because the profile menu/module is the first page that it’s programmed to go to after it has accessed the index.php file.

    Is there any way to not have the page refresh so as to stay on the webpage its at? I don’t mind giving you access to the site if you’d like to see what’s going on. It’s all for a good cause :) Hope to hear from you soon.

    Thanks Libby!!

    • Little Cloud

      I should mention that when I return to the ‘settings’ page to look at the content, I still get the protection content login form. So the cycle is repetitive. Thanks.

    • Little Cloud

      I found the answer to my problem! :) I changed line 6 of your code from this:
      <form name="form" method="post" action="”>
      TO this:
      And now it works fine. During my online research, I did find many forums/posts mentioning that shouldn’t be used as it is less secure than just having ‘ action=”” ‘. You can find such a post here: .

      Anywho, thanks again for the code :) I might have a few more little projects, and always interested and on the lookout for good freelance web developers 😉 They tend to be the ones to get me out of trouble haha. Take care. Nels