password protection

This started off as an exercise to password protect a section of the bullko website. Lots of scripts and software available, but either they cost money, or is too advanced for me.

Most recommend protection using .htaccess and .htpasswd.

I already know how to use .htaccess to prevent directory listing and hotlinking. Here’s what to do.

htaccess
Place .htaccess in the same directory that needs a password. If the entire site needs to be protected, place in root directory. Use this code:

AuthUserFile directory/path/to/.htpasswd
AuthGroupFile /dev/null
AuthType Basic
AuthName “Please enter username and password”

<LIMIT GET POST>
require valid-user
</LIMIT>

In the case of directory path, for all my sites it’s the same except for the username, so for invisiblecompany it is:

home/invisibl/www/www/.htpasswd

htpasswd

The .htpasswd file can be located anywhere, the more secure the better. The password must be encrypted and there are a lot of sites where it can be done, just google it, for instance here or here or here.

Generate as many usernames and passwords as necessary and put them all in the .htpasswd file. Don’t forget the hard return at the end of the file. It should look a little like this:

user1:sdDHLKJ1asg
user2:FD3lkjdf24fGh
user3:3Tgvpo5VQgd