I am working on a website in which I want to restrict the access to it by entering some username and password in it like if I/or any outside users open the website, it should ask for Username
and Password
.
The current code which I am using in .htaccess file inside public_html folder is:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*)$ public/$1 [L]
</IfModule>
Problem Statement:
I am wondering what changes I should make in the .htaccess
code above so that it allows outside users to enter username and password to enter the website.
2
Answers
This can be accomplished using the cPanel GUI. Here are some instructions I found:
Add Password Protection
SOURCE: https://www.inmotionhosting.com/support/website/protecting-files/how-do-i-password-protect-a-directory-in-my-control-panel-cpanel
NOTE: The wording and location of these steps may change between cPanel versions. These instructions enable something called “HTTP BASIC” which is not considered secure. This QA can help explain why you shouldn’t use this to protect sensitive data: https://security.stackexchange.com/questions/988/is-basic-auth-secure-if-done-over-https
To password protect your site, you need two things: a password file and an htaccess file.
1) Create a Password file
combination. Important: each username and password combination must
be entered on a new line in your file.
2) htaccess file
Add these below five lines in the htaccess file :
AuthUserFile /path/to/htpasswd/file/.htpasswd
AuthGroupFile /dev/null
AuthName “Name of Area”
AuthType Basic
require valid-user
Next, you need to change “/path/to/htpasswd/file/.htpasswd” ( code line 1)
to the actual path leading to the .htpasswd file
“Name of Area” (code line 3) needs to be changed to the name of your
site, or the section of your site that needs to be protected.
Save the Htaccess file and upload it into the directory that you want
to have protected.
Finally, you should test whether or not your password works by
attempting to access the protected URL. If the password itself does
not work, you’ll have to go back to the .htpasswd file to ensure that
it is entered correctly there (remember, passwords are more often
than not case-sensitive). On the other hand, if you are able to
access the URL without being prompted for a username and password at
all, you’ll need to contact your servicer administrator to ensure
that Htaccess is enabled for your site.