Setting up (directory protection) password protection on a Multisite TYPO3 installation

With the Basic Auth method (see you can protect access to a website very easily. Even though it is not exactly the safest method, it serves your purpose in many cases. For example, if you are in the process of building a new website and want to prevent unauthorized people from accessing it. In many cases you also want to prevent search engines from indexing the pages (already).


Usually the protection works by a simple entry in the .htaccess file of the installation path (see also

Procedure for multisite instances

In TYPO3 it is possible to run multiple websites with one installation (so called multisite functionality). So in this case ALL websites would be subject to password protection.

To prevent this, the following instructions must be added to the .htaccess file:


# Password protection website XY
AuthType Basic
AuthName "<USER>"
AuthUserFile <INSTALLDIRTYPO3>.htpasswd
AuthGroupFile /dev/null
Require valid-user
Satisfy any
Order allow,deny
Allow from all
Deny from env=SECURED





Let's assume that the domain in question is, then is:


<USER>=Username of the password protection
<INSTALLDIRTYPO3>=fully qualified path of TYPO3 installation on the server