Easy Website Password Protection Tutorial

You can now easily implement password-protected pages to protect folders in your web site. Use these password protected directories to sell downloadable products or provide premium access to members. In this password protection tutorial, we will explain how to create access authorization using only FTP. This will be helpful to most webmasters who want to create authentication files but who do not have SSH or Telnet access. Unfortunately, most of the restricted access tutorials assume that the webmaster can use SSH or Telnet, which of course, is not true. Now you can sell your software, documents, images or music online. You can easily protect files and directories that require the use of a username and password, and you don't have to be a computer programmer to do it!

Requirements.

You own the domain name and maintain the site.

Your site is on an Apache based web server. (Windows IIS servers do not support .htaccess)

You have FTP access.

Let's Do It!

We will be creating three separate files contained in two separate directories on your website. Elements in blue bold should be replaced with your customizations.

http://www.yourdomain.com/protect/myproduct/index.htm http://www.yourdomain/hidden/myproduct/.htpasswd http://www.yourdomain.com/protect/myproduct/.htaccess

Notice that the last directory of each file path has “ /myproduct/” in common. The reason for this is so that later, when you add additional products, it will be easier to create a unique username and password for each of your downloadable products, and to keep track of it all. Just rename the /myproduct/ directory with the names of each of your additional products.

1) Create the page(s) you want protected. This could be anything you want limited access to. For example, it could be a special document, or an image, a music file, software, or anything. Name the page:

http://www.yourdomain.com/protect/myproduct/index.htm

Publish (upload) it in the normal way you would publish any other web page. Notice that the directory, “/protect/” is a dedicated directory just for password-protected files. (You could name it anything you want.) Repeat this process for each page or file you want protected.

2) Create the .htpasswd file. This is the file that contains the secret username and password that corresponds to the page you want to protect. We do two things to help prevent people from discovering this information. (1) The password is encrypted. (2) The file itself is hidden in a different directory than the one of the page being protected.

First, we have to create the encryption: If we had SSH or Telnet access, there is a procedure to use the unix apache server to create the crypt code needed, right on your own server. Since most webmasters do not have Telnet access, you can build the appropriate encryption by using our form below:

User Name:
Password:

Just type in the username and the password you have chosen for the page you want to restrict.

username is “interlogy”
password is “opensesame”

After running it through the encryption, you get a login and encrypted password:

interlogy:9lljfi88eqp5s

(Please note that every time you run the same username and password, you end up with a different encrypted password. This is the whole point of one way encryption! But they will all work!)

Copy and paste this combination (username matched with encrypted password) into a simple text file.

Now save the file. Windows does not allow you to save a file beginning with a “.” So just save it as “htpasswd.txt” and change the name remotely after you FTP it.

Upload the file to the “/hidden/myproduct/” directory on your site using your FTP program. (You must use in ASCII mode for this or it won’t work!)

Now, remotely change the name of the file to “.htpasswd”

3) Create the .htaccess file. This is the file that does the magic. When the browser detects this file, it will display a request for username and password before allowing a visitor to see the desired file. This file affects the directory and all sub-directories in which it is placed.

In a new text file, type the following:

AuthUserFile /home/yourdomain/docs/hidden/myproduct/.htpasswd AuthGroupFile /dev/null AuthName Restricted Access AuthType Basic <Limit GET> require user interlogy </Limit>

AuthUserFile tells the server that it will find the file containing the passwords (.htpasswd) in the directory called /hidden/myproduct/
It needs to be the full UNIX pathname of where the .htpasswd file is stored. Your web host can provide you with this information.

AuthGroupFile tells the server where to find the group file. You only need a group file if you have multiple usernames and passwords for the same password-protected page. Just leave it as /dev/null to leave this function unused.

AuthName specifies what shows up on the entry box when the browser asks the user to enter a password. You can write whatever you want here, but “Restricted Access” is the most common.

AuthType describes the type of authentication we’re using. In this case, it’s “Basic.”

<Limit GET> is an HTTP request for a file that is sent by a browser to a server. This line limits the power of GET by saying that only the valid user may look at files in this directory. If you want to allow other methods (particularly in CGI directories), you can specify them separated by spaces in the LIMIT directive. (LIMIT GET POST PUT)

Add one blank line at the end of the .htaccess file or it won’t work!
There must not be any spaces or special characters after any of the lines.

Now save the file. Windows does not allow you to save a file beginning with a “.” So just save it as “htaccess.txt” and change the name remotely after you FTP it.

Upload this file to the “/protect/myproduct/” directory on your site using your FTP program. (You must use in ASCII mode for this or it won’t work!)

Now, remotely change the name of the file to “.htaccess”

When someone attempts to access the password-protected page, their browser will display a request for “authentication.” The user must type in the correct username and password. Once this is done, they will gain immediate access to the desired page.

Repeat the above process for any web page or file you wish to have restricted access.

For more details on this subject, please consult the following sources:
How To Create a Password Protected Page
NCSA httpd documentation on .htaccess files.
Mosaic User Authentication Tutorial

 

This article is brought to you by Interlogy Internet Technologies which produces professional password protection scripts. For more information, please check out password protection and community management case studies for Profile Manager Premium below:   Profile Manager Premium Most Flexible Membership Software Profile Manager Basic Free Membership Software JotForm First WYSIWYG Form Builder Web Hosting Affordable Web and Application Hosting Web Design Cutting Edge Web Site Designs Custom Development Complete Web Site/App Solutions F.A.Q Profile Manager Premium Profile Manager Basic Jotform Forums Profile Manager Premium Profile Manager Basic Jotform Case Studies PM Premium User Stories Articles Advise for membership sites   Case Studies   An Alumni Management System: bcalumnae.org The support for the Profile Manager products is terrific. The numerous online tutorials answered most of our questions. These were bookmarked and referenced frequently for help. Interlogy has also created an exceptional sense of community surrounding the Profile Manager product line. Tips and ideas are shared frequently on the discussion forums. As we grow and develop this aspect of our association, we have immediate plans to automate registration for our annual Alumnae Day and payment of association dues. We are extremely pleased with our selection of Profile Manager Basic as the basis for our revamped alumni site. We are also looking forward to benefiting from the additional features in Profile Manager Premium. A free service for creating mobile websites: Youtomo If a very hard customization is needed, then we suggest buying premium support: It’s reasonably prized and the Profile Manager Premium creators react very fast! Thank you guys! A social networking website: PenBuddy If a youngster like me can develop a social networking website like PenBuddy.co.uk from Profile Manager then all I can say about it is that it is Simple, Brilliant and Powerful!!! Check out my site at www.penbuddy.co.uk and see the script in action for yourself! There is just so much to do! A High School Alumni Website by Paul Miller The reaction from the members has been great. The best feature has to be the picture upload capability. It is great to be able to put a face to a name from high school. It has been a lot of fun setting this sight up and the support has been great from the folks at Interlogy. Customizing is a snap and integrating the features onto other sites is easy too. Overall I am very happy with Profile Manager and my only regret is not finding it sooner. An Alumni Association Site by Peter Mariani I came across Profile Manager from Interlogy and thought it was worth a look. I downloaded Profile Manager Basic and literally had it running on our site with our commercial ISP in 15-30 minutes. I was very impressed with Profile Manager Basic, having looked over so many other offering, and went back to the Interlogy site to learn more. I decided very quickly to upgrade to the Profile Manger Premium even if I had to pay for it out of my own pocket! (Usually we have to stop at the free stuff.) This was going to do what we wanted and reduce my workload as volunteer alumni webmaster. Profile Manager Premium Case Study: Community Software for Biolords.com After looking at the structure of the script I realized that this would indeed be easy to remedy. I made the necessary adjustments and emailed the author Aytekin Tank describing the changes I made. He then responded and told me about PM Profile Premium edition. I was extremely pleased and immediately began to test the newer version. A lot of the things I had been wanting had been included in his premium version. Special Profile Manager Premium Case Study: BookingandTalent.com The further we delved into the PM Premium Script's capabilities, the more and more impressed we became. Many scripts we'd seen used 'template' files of one sort or another in portraying HTML pages, customizing forms and form actions, etc. None were (or are) as easy to use and follow as PM Premium. A major factor in this part of the process is the logical and sensible naming of the files and their locations within the script folders. You can find and "fix" whatever form you're looking for in mere seconds.If you visit www.BookingandTalent.com you'll get an idea of just how much 'custom' work we did. Yes, that really is PM Premium! Using Aytekin's FAQ & On-Line Manual made most of that possible. And what little we found that wasn't possible, became possible. Community Script: Profile Manager Premium This Script "Profile Manager" is highly customizable and the potential of it's use is vast. I reccomend it to Guild Masters and Clan Webmasters as a must have. I also recomend it to Web Masters for other uses. Building a Golf Parship Site ( Partner Finder Site ) PMP is really nice scalable and is the right tool to built a site as you like. You can use and modify existing features very simple as you like or need - also with some 'tricks' it's sometimes possible to use existing features for results they are not really thought for, it depends of your own ideas. You can totally redesign the html-files to make them 100% fit to your site style. Alumni Script: Profile Manager Premium I can not say enough good things about Profile Manager Premium. It has made my site more personal, more interactive, and best of all it has freed up the time I used to spend updating and maintaining my old database. I can guarantee that you will not find anything better on the web because I have looked. The author even has a free version of the program for those of us on a budget. Making A Member Start Page Not only was I able to create the Start Page I wanted, I kept the Profile feature intact so my clients could search for other profiles and start our own online community. I highly recommend Profile Premium for its versitility, options and support! Membership Gateway Software: Profile Manager Premium Profile Manager Premium(a cgi membership software), after several modifications by me, is utilized on the site in several ways, interacting with several other software solutions. Building A Profile/Membership System for an Entertainment Site! The PM Profile Premium edition is an amazing profile script and a very powerful tool. It has perfectly fitted the needs for our website and there are a unlimited number of things to do with it. We now have it setup on ShooshTime.com as a meet/greet community and our users just love it! Its so user friendly that everyone wants to join and add to the site. Customer Database Script: Profile Manager Premium For a minimal investment of time and money, Profile Manager Premium has offered a fully "customized" solution. Our new "Builder Listing Database" is a valuable addition to our website (which increases our level of customer services and gives us a competitive advantage), while saving us time on an ongoing basis. Build a community site with profile script I had five rescues beta test entering their info into our new shelter software. They found the whole process rather easy, and were delighted with the results. I CANNOT SAY ENOUGH GOOD THINGS ABOUT THIS PACKAGE! I would recommend it to every pet shelter. It could also be used on private sites to provide pet registration service as a registry of lost and found pets. Five years ago, if I'd been where I am right now in the learning process, I could have invented Blackboard.com using this program. It's so flexible and amazing! A High School Alumni Website by Paul Miller I'd come across Profile Manager Premium from www.interlogy.com some months earlier while searching through various CGI sites. The recommendations looked good, and the demo of the script worked well. I downloaded their free copy (with fewer functions) but decided that with a little tweaking here and there, I could make the full script do that which I wanted. Build a community site with profile script All I can say is I am totally impressed with this script and if you are looking for a versatile and easy to understand script this is a must have. With the community forums, help is just a click away, I have found the staff and other site owners are very helpful and super quick to respond to my questions.   © Copyright 2008 Interlogy LLC. Home | Products | Services | Support | Blog | Contact

JotForm BETA has been released! First web based WYSIWYG Form Builder has been released.