skip to Main Content

I am working on a website in which I want to restrict the access to it by entering some username and password in it like if I/or any outside users open the website, it should ask for Username and Password.

The current code which I am using in .htaccess file inside public_html folder is:

<IfModule mod_rewrite.c>
   RewriteEngine On 
   RewriteRule ^(.*)$ public/$1 [L]
</IfModule>

Problem Statement:

I am wondering what changes I should make in the .htaccess code above so that it allows outside users to enter username and password to enter the website.

2

Answers


  1. This can be accomplished using the cPanel GUI. Here are some instructions I found:

    Add Password Protection

    1. Log into cPanel.
    2. Go to the Files section and click on the Directory Privacy icon.
    3. Select the directory you want to password protect and then you will see Set permissions for $PATH screen appear.
    4. Click on the checkbox labeled “Password protect this directory:”.
    5. Type a name for the folder you are trying to protect in the field labeled “Enter a name for the protected directory:”.
    6. Click the Save button to save the name you have entered for the directory and option to password protect the directory.
    7. Create a user to grant access to the protected directory by typing the credentials into the Username, New Password and Confirm Password fields.
    8. Click Save in order to save the credentials that you have entered.

    SOURCE: https://www.inmotionhosting.com/support/website/protecting-files/how-do-i-password-protect-a-directory-in-my-control-panel-cpanel

    NOTE: The wording and location of these steps may change between cPanel versions. These instructions enable something called “HTTP BASIC” which is not considered secure. This QA can help explain why you shouldn’t use this to protect sensitive data: https://security.stackexchange.com/questions/988/is-basic-auth-secure-if-done-over-https

    Login or Signup to reply.
  2. To password protect your site, you need two things: a password file and an htaccess file.

    1) Create a Password file

    • Open a new text file and then enter a username and password
      combination. Important: each username and password combination must
      be entered on a new line in your file.
    • Save the file and upload it to a directory on your web server. Most hosting companies running with the cPanel control panel module have a home directory file, which is where you’ll want to upload your .htpasswd file.

    2) htaccess file

    • Add these below five lines in the htaccess file :

      AuthUserFile /path/to/htpasswd/file/.htpasswd

      AuthGroupFile /dev/null

      AuthName “Name of Area”

      AuthType Basic

      require valid-user

    • Next, you need to change “/path/to/htpasswd/file/.htpasswd” ( code line 1)
      to the actual path leading to the .htpasswd file

    • “Name of Area” (code line 3) needs to be changed to the name of your
      site, or the section of your site that needs to be protected.

    • Save the Htaccess file and upload it into the directory that you want
      to have protected.

    • Finally, you should test whether or not your password works by
      attempting to access the protected URL. If the password itself does
      not work, you’ll have to go back to the .htpasswd file to ensure that
      it is entered correctly there (remember, passwords are more often
      than not case-sensitive). On the other hand, if you are able to
      access the URL without being prompted for a username and password at
      all, you’ll need to contact your servicer administrator to ensure
      that Htaccess is enabled for your site.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search