As web technology is growing and making advancements, vulnerabilities are also increasing with the same rate. Website security is a major concern today and planning effective strategy is the resolution. If your website has confidential content or premium content, which needs to be limited within a scope of few users, then you can simply password protect premium content on website. All visits made to that content will be prompted to enter username and password to gain access to premium content, just like in the screenshot below.
And if a failure to login happens, visitor is redirected to 401 error page, just like the below screenshot.
How to Password Protect Website ?
If your website is hosted on Apache web server, then website or website directory can be password protected using the htaccess method. In previous article I explained about protecting website by disabling directory browsing, if you missed it, then you can read it here: Disable directory browsing to protect website using htaccess method.
HTACCESS file sets security attributes to the web directory which you want to protect. In order to set password on website, HTPASSWD file will created which will store all usernames and followed with the passwords. For instance, if username is aky and password is joe, then it will be written as “aky : joe”.
How to create HTPASSWD file ?
HTPASSWD is the file which contains usernames as well the passwords for the HTACCESS file to validate during authentication.
- Using any ftp client, login to the web directory of your website.
- Create a simple text file using any text editor and add the below code snippet precisely.
aky : joe username2:password2 username3:password3
- The above code contains username and passwords. Any word before colon (:) is username, while word after colon (:) is password.
- Once done, save the file as “.htpasswd” and upload it to the root of the directory.
How to create HTACCESS file ?
HTACCESS file sets security attributes on a web directory for user accessibility. HTACCESS file can be created using any text editor like a notepad and should be save as… “.htaccess” (without quotes). To create htaccess file to password protect website directory, follow basic steps below:
Make sure before modifying file for any changes, I recommend you to backup all the website data.
- Using any ftp client, login to the website directory, you will find .htaccess file located in the root of your directory.
- Open .htaccess file to edit it using a text editor and add below code snippet precisely.
AuthUserFile /path/to/file/.htpasswd AuthName "Premium Content Area" AuthType Basic require valid-user
- On line 1 in the above code, specify the location of the HTPASSWD file, which we created in the section above. Once done, save the file as “.htaccess” and upload it to the web directory which is to be password protected. For instance, if the web directory is “www.yourwebsite.com/secure/” then browse into this directory using ftp client and place the HTACCESS file in secure web directory.
Now open the webpage or website, for instance “www.yourwebsite.com/secure”, will prompt you to login to gain access to protected area, else it is redirected to 401 Authorization Required Exception Page. Now that your content is password protected, and is safe from the vulnerabilities and hackers. Make sure you don’t share your password with anyone.
Here we come to end of this tutorial, if you have any queries for require any further assistance, post comment as your feedback.