diff --git a/README.md b/README.md
index 090be8c..fdbfff5 100644
--- a/README.md
+++ b/README.md
@@ -67,6 +67,10 @@ In this instance `PUID=1001` and `PGID=1001`. To find yours use `id user` as bel
 
 Access the web gui at http://SERVERIP:PORT
 
+## Adding password protection
+
+This image now supports password protection through htpasswd. Run the following command on your host to generate the htpasswd file `docker exec -it heimdall htpasswd -c /config/nginx/.htpasswd <username>`. Replace <username> with a username of your choice and you will be asked to enter a password. New installs will automatically pick it up and implement password protected access. Existing users updating their image can delete their site config at `/config/nginx/site-confs/default` and restart the container after updating the image. A new site config with htpasswd support will be created in its place.
+
 ## Info
 
 * To monitor the logs of the container in realtime `docker logs -f heimdall`.
@@ -82,4 +86,5 @@ Access the web gui at http://SERVERIP:PORT
 
 ## Versions
 
++ **06.03.18:** Use password protection if htpasswd is set. Existing users can delete their default site config at /config/nginx/site-confs/default and restart the container, a new default site config with htpasswd support will be created in its place
 + **12.02.18:** Initial Release.
diff --git a/root/defaults/default b/root/defaults/default
index ae5fb57..fcf9351 100644
--- a/root/defaults/default
+++ b/root/defaults/default
@@ -1,3 +1,5 @@
+## Version 2018/03/06 - Changelog: https://github.com/linuxserver/docker-heimdall/commits/master/root/defaults/default
+
 server {
 	listen 80 default_server;
 
@@ -12,10 +14,21 @@ server {
 	ssl_certificate_key /config/keys/cert.key;
 
 	client_max_body_size 0;
+	
+        error_page 599 = @noauth;
 
-	location / {
-		try_files $uri $uri/ /index.php?$args;
-	}
+        location / {
+                if (!-f /config/nginx/.htpasswd) {
+                        return 599;
+                }
+                auth_basic "Restricted";
+                auth_basic_user_file /config/nginx/.htpasswd;
+                try_files $uri $uri/ /index.php?$args;
+        }
+
+        location @noauth {
+                try_files $uri $uri/ /index.php?$args;
+        }
 
 	location ~ \.php$ {
 		fastcgi_split_path_info ^(.+\.php)(/.+)$;