Easy Tech Academy

How to Password Protect a HubSpot Website Using Cloudflare Workers

Written by Krystian | Apr 11, 2025 11:50:04 AM

Want to protect your HubSpot website with a password?

HubSpot makes it easy to build and host marketing websites, but what if you want to restrict access — for staging, internal review, or client-only content?

Out of the box, HubSpot only allows password protection for landing pages, not your full website, blog, or other pages. But there’s a workaround — and it’s surprisingly clean.

In this tutorial, I’ll show you how to use Cloudflare Workers to add a simple Basic Auth login to any HubSpot-hosted domain or subdomain — without needing a backend or server access.

Start with connecting domain

Create a free Cloudflare account at cloudflare.com and connect your domain by following their onboarding process. You’ll be asked to change your nameservers at your domain registrar so Cloudflare can manage your DNS.

Next, log in to HubSpot and add your domain under Settings → Website → Domains & URLs. Use www.yourdomain.com as your primary domain. HubSpot will give you DNS records — copy those into Cloudflare’s DNS settings.

Make sure the www CNAME record is proxied (orange cloud is on) to allow Cloudflare Workers to run.

Once the domain is live in both HubSpot and Cloudflare, you’re ready to add password protection using a Worker.

Create a Cloudflare Worker with Basic Auth

In your Cloudflare dashboard, go to Workers & Pages and click Create Application → Worker. Choose the HTTP handler option.

Replace the default code with this example:

addEventListener("fetch", event => {
  event.respondWith(handleRequest(event.request))
})

const username = "admin"
const password = "secretpassword"
const encoded = btoa(`${username}:${password}`)

async function handleRequest(request) {
  const authHeader = request.headers.get("Authorization")

  if (!authHeader || authHeader !== `Basic ${encoded}`) {
    return new Response("Unauthorized", {
      status: 401,
      headers: {
        "WWW-Authenticate": 'Basic realm="Protected Area"',
      },
    })
  }

  return fetch(request)
}

Click Save and Deploy. This Worker will require a username and password before allowing access to the site.

Connect Worker to URL

Add a route like this: 

www.yourdomain.com/*

Make sure your DNS record for www is proxied (orange cloud on), otherwise the Worker won’t run.

Once added, open your site — it should now show a login popup asking for the credentials you set in the Worker.
View full post