When running a website, you might sometimes want to protect certain web pages or folders within your website using a password. This way, unauthorized users not to have access to the files or information therein. You might also want to set up a password for the website itself, if it contains private information, or if it is intended for certain people only. Another great thing about setting up password protection, is that search engine bots will not have access to the information contained in the website, which can be useful if you want to hide the information from Google, Yahoo! Or Bing searches.
One of the ways by which to protect your website by using a password is through a method known as User Authentication. With the use of this method, you can easily set up a directory on your server, which will require the user to fill in the appropriate username and password before gaining access. This assumes you know how to modify your web hosting account’s .htaccess files.
* Determine the directory that must be password-protected. If you are planning to have the entire website protected by a password, you are going to work on the root directory of the website, which is usually located in your /public_html folder. If you have specific subdirectories or subdomains to be set up with a password, determine the directory of those web pages, and work on the .htaccess files there.
* Create or modify the .htaccess file. Open a standard text editor (Notepad, for example). Leave it blank and save the file with the file name .”htaccess.” Take note of the period that comes before the “htaccess.”
* Add the codes to your .htaccess file. While the text editor is still open, add the following codes to your htaccess file:
AuthUserFile /insert/directory/here/.htpassword
AuthName “Title to appear when the password is requested”
AuthType Basic
Require valid-user
* Do not forget to edit the given “insert directory here” text according to your needs. The first line should include the full path of the directory, the second line includes the title for the password request window, and the third and last lines should be left as is. Once you are done editing, save the .htaccess file to the directory you have determined earlier. If your home, root or public_html directory already has an .htaccess file, you can simply download and edit it, and then re-upload it once the edit is done.
* Create or edit the .htpassword file. Telnet to your web hosting provider or use any another similar method using the command prompt. Use the command:
htpasswd -c .htpasswd nameOfUser
Inputting this command will have the server create a password for the user indicated by “nameOfUser.” The system will ask for your password, and you will have to enter it twice. Set up as many username and password combinations as necessary.
* Set the .htaccess file and the .htpassword files as read-only. It is important to set the .htaccess file and the .htpassword file as read-only, so that these cannot be altered by any third party. If you are using an FTP client, you can right-click on the files, and change the file attributes accordingly. Or if you can get shell access to your server, you can use the CHMOD command. For best results, use 644 or 755. Avoid using 777, as this permission level grants “write” permission to everyone.
Bear in mind that this process of setting up a password for a website is more advantageous than using a content management system, because you have essentially hard-coded it right into the web server. You can use other methods, such as cPanel’s password protection applet, which will create the same .htaccess and .htpassword modifications.
No comments:
Post a Comment