How to Make a Website Password Protected
The world has changed as a result of the tools made available by the Internet. Information is available for immediate access and download. This led us to the era of online news, social networking and the blogosphere. Sometimes we find the need to cooperate with others on a private project. If you have a group that wants to access information and does not make it available to the rest of the world you need methods to protect an area of you website with a password. Here are some ways to make secure private areas of your site through password protection.
I am most familiar with using private web pages in the Content Management System called Drupal. A Content Management System creates pages for viewing on the fly. The pages are not sitting on the server waiting for viewing. Drupal has methods called Roles and Privileges which enable the setting up of private web pages. Users of a Drupal site may earn advanced Roles that allow them access to additional information. The Web Developers create certain content types or views that can only be seen by persons with the advanced Roles. In this way, trusted persons can access data that novices can not. It is possible to exclude the public from data which they do not even know exists. The menu links to these areas and views will be invisible to them. It is not required to log in to a restricted area. It is a matter of gaining a certain status which makes the viewing or more information possible. Remind Members with higher roles to log out so that others following them on the computer do not view the data. This is a very secure way to host data for viewing by the eyes of a few.
All websites hosted on an Apache Server should have a file in their root directory called .htaccess. The .htaccess file allows the owner to set up certain rules about who may access the data. Remember that this is on Linux hosting not Windows hosting. When you look in your root directory with your FTP tool you may not see .htaccess. In some programs you have to configure it show hidden files. With .htaccess you can allow access only to persons with specific IP Addresses or you can set things up for a password login form. You can use .htaccess on any folder in your website. There is a tool available in cPanel that sets password protection for various folders on the hosting account. This makes it easy for those ho have cPanel available with their hosting.
You can find software tools online which will help with the setup of your .htaccess file. DynamicDrive offers an online wizard for setting up this password page – http://www.tools.dynamicdrive.com/password/ . Instructions are given to enter the user names and passwords for your users along with the path to the .htaccess file. The wizard will generate the code which you must paste into your.htaccess file. Detailed instructions come with this wizard. The limit is that you will need to remake this file and add the name of each new member who joins you. A free desktop wizard is available from – http://www.htpasswdgenerator.com/download_htpasswd_generator.html . This will set up your access file in a similar way.
Zubrag.com offers a free PHP script for giving password protection to your pages. This will give a greater level of security to your page than the services like PuppyDog. This option calls for a higher level of skill to apply than the others. For the person who knows how to install a PHP script the Zubrag offering has real advantages. You set it and forget and you do not need to sign up for a free service that you night not otherwise want.
These are helpful and rather simple methods for adding password protection to parts of your website. A couple of words of caution are due. Some of these methods will be effective against novice Internet users only. To keep a hacker out would call for solutions with greater sophistication. The Roles features in Drupal should do nothing but the hacker has some way to steal the passwords from the organization. The point that I am making is to not upload info that is mission critical if you intend to use a simple method of security. Companies whose futures ride on trade secrets should not place them on the Internet. There are other methods for to access data remotely. These password protection methods are helpful for light duty security but do not rely on them for protecting data confidential data.