Home

  • Basic Tutorial

    • Overview

    Domain Name

    Web Host

    Designing

    Uploading

  • Other Information

    • E-Commerce Website

    Making Money

    Getting Traffic

    Website Additions

  • Navigation

    • Sitemap

     

     

    Home > Website Additions >

    Password Protect Web Pages

    Protecting your website with password may come into use in many cases. Another thing is that finding a proper way to do it can be surprisingly hard, at least if I take a look at my experiences on this sake.

    There are couple ways to password protect, .htaccess or a script. I would say .htaccess is far more secure than many protecting methods out there. If your web host doesn't provide it, you may want to go to the script part.

    Using .htaccess

    If your service provider supports this, it may use automagical wizards for this or give other guides for it. In other cases and in the hunger of information, you may like to read this out. Examples of those web hosts providing password protection are those mentioned before, Powweb and Bluehost

    First there is a directory where all the secured files and the mechanism for protection resides. When entering this directory, a password window will pop into your screen.

    The most common files:

    1) .htpassword This is a file with encrypted passwords. This file should be created at first. One thing more, don't mess around too much with this file like remove the master password or you can end up to not ever getting to the directory again.

    2) .htaccess Contains several kinds of data, you will learn soon.

    The Steps

    1) First create a file called .htaccess and copy/paste the text below in there. You may modify the values. Save the file into the protected directory. Windows may complicate things but typing ".htaccess" into the filename with quotes and selecting "All Files" from the drop down box, you can make it.

    AuthType Basic
    AuthName "Members Only"
    AuthUserFile /home/user/public_html/docs/.htpasswd
    Require valid-user

    AuthType is basically the type of authentication. Let it be as it is now.
    AuthName is the title text of pop-up window.
    AuthUserFile is the address to the .htpasswd file. Note that the address is not the 'www.mysite.com/public_html/docs/.htpasswd' but the address in the server file system. Consult your support service for more information.
    Require valid-user ensures that only valid users are let through.

    2) Creating .htpasswd file can happen in notepad but the encryption of the password with a tool. The basic syntax of the file is:

    username:password
    username2:password2

    One username:password combination per line. You may encrypt the password here. You can find tools for .htaccess too but they don't make the work so much easier. Save the .htpasswd file to the location you defined in .htaccess.

    Congratulations, you have just encrypted and protected a directory with password.

    Password Protection With Script

    If you decide to go for another script than mentioned here, don't select one where you can see the password in the source code, that's madness and practically the same thing as no password.

    GateKeeper is a simple script. As weird as it may sound but the password is the same as the directory you are directed to. For example the page you are taken to after a correct password 'DogFood' is DogFood.html. If you hold great secrets like bank accounts behind the password, please don't use this. But if you just keep normal files with not so important things inside, you could try this out. Click the link above for the script and installation guide.

    CoffeeCup Password Wizard is the paid option but secure with better probability. There is a demo and other samples available of this flash powered password protection script.