Help making a password protected webpage using PHP and javascript.

See more:

Javascript

HTML

PHP

HTML5

I am making a password proteced webpage using two PHP files named password.php and incog.php.
Here is password.php:

<html>
  <title>Enter the password</title>
  <head>
  <style>
p{
  color:red;
}
  </style>
  </head>
  <body>
    <p>Please enter the pass word or key to visit this site.</p>
  <form action="incog.php" method="post">
Passoword: Do not hack!<input type="password" name = "pass">
<input type="submit" value="Go to site">
    
  </form>
  </body>
</html>

And here is incog.php:

<?php
if ($_POST['pass'] == 'password')
header("Location: hello.html"); 
else
echo "Go away"

?>

The problem is that anyone can get into the "secret" page by guessing the url.

What I have tried:

I have tried to add this code to the secret webpage:

<!DOCTYPE html>
<html>
    <script>
    
function thisFunction() {
  window.location.href = "password.php";
}
</script>
    <body onload="thisFunction()">
        <h1>Hello you have reached the secret page</h1>
    </body>
</html>

But obviously that is not going to work because it will keep taking you back to the same page over and over again.
A solution would be appreciated; I am new to PHP and Javascript.