How to password protect your website or a portion of your website
Sometime you want your website to be access by your internal staff or the people known to you only, for example if it is a test site or you want to test your site before making it live. The best way to do so is password protect the website. Or if not the whole website you just want to protect a particular folder or file, that can also be done. And it is not difficult at all.
To add password protection to your website, any particular folder or any page, you need to do the following two things.
What is.htaccess
.htaccess is the default name of the Apache directory-level configuration file. The file contains commands known by the server that tell the server how to behave in certain instances. One common use for an.htaccess file is to restrict access to specific files or directories on the Internet or intranet, or to specify a particular webpage to be accessed when the file requested by the browser is not found (error 404).
How to create the two files needed for password protecting any portion of the website
To add password protection to your website, any particular folder or any page, you need to do the following two things.
- A text file that will store the username and password. The password will be stored in encrypted form
- htaccess that will have the path to the password file
What is.htaccess
.htaccess is the default name of the Apache directory-level configuration file. The file contains commands known by the server that tell the server how to behave in certain instances. One common use for an.htaccess file is to restrict access to specific files or directories on the Internet or intranet, or to specify a particular webpage to be accessed when the file requested by the browser is not found (error 404).
How to create the two files needed for password protecting any portion of the website
The first step is to create a simple text file that will store your username and password, separated by a colon (:). The text file can be created by free web tools available online. If you type '.htpasswd generator' as search text in the search engine you will have a list of websites offering the htpasswd generator online.
Alternatively you can create password file using htpasswd.
If you have SSH access to your web server, you can encrypt your password and add it to your password file in one go by using the htpasswd utility that comes with Apache. Simply SSH to your server or open up a terminal window on your local machine, cd to the folder where you want to create your password file, and type:
htpasswd -c.htpasswd uname
(where uname is the username you want to use. You'll be prompted to enter and retype your password, then the.htpasswd file will be created for you.)- Creating the.htaccess file
Open your text editor again, create a new file, and save it as.htaccess.
a. Protecting a folder
To password protect a folder on your site, you need to put the following code in your.htaccess file:
AuthUserFile /fullpath/.htpasswd
AuthType Basic
AuthName " Secret Folder"
Require valid-user
/fullpath/.htpasswd should be the full path to the.htpasswd file that you uploaded earlier for example, /home/dir/.htpasswd or C:\wwwroot\dir\.htpasswd.
The above.htaccess file will password protect all files in the folder that it is placed in, and all sub-folders under that folder too. So if you wanted to password protect your entire site, you would place the.htaccess file in your Web root folder.
b. Protecting a file
To password protect just a single file in a folder, use the following.htaccess file:
AuthUserFile / fullpath /.htpasswd
AuthType Basic
AuthName " Secret Page"
<Files "page.html">
Require valid-user
</Files>
This will password protect just the 'page.html' file in the folder where you put the.htaccess file.
Source...