6 Replies - 768 Views - Last Post: 17 May 2020 - 08:58 PM

#1 sayhello   User is offline

  • D.I.C Regular

Reputation: 4
  • View blog
  • Posts: 359
  • Joined: 12-November 17

Password protecting a domain using .htaccess

Posted 16 May 2020 - 07:00 AM

hello dear experts,

i am currently trying to achieve password protect a domain and all of it's subdirectories and files, but my knowledge on the matter is very limited, how can I go about doing that?

i want to do this for a wordpress site - in other words:; i want to passwordprotect a site

i guess that this is a simple two step process

In the .htaccess i think i can put

AuthType Basic
AuthName "restricted area"
AuthUserFile /path/to/the/directory/you/are/protecting/.htpasswd
require valid-user



for the password generation i can use

- the passwordgenerator of python or
- the passwordgenerator of keepass or i also can make
- use of http://www.htaccesst...sswd-generator/ or simpliy
- command line to generate password and put it in the .htpasswd



Note 1: i am using winSCP or filezila to put it to the server - btw. should i do more confifguration; e.g. configure in the security section "Password Protect Directories"

then propably we need to do a AllowOverride All to the directory of the .htaccess (or at least to previous ones) in http.conf followed by a apache restart

<Directory /path/to/the/directory/of/htaccess>
      Options Indexes FollowSymLinks MultiViews
      AllowOverride All
</Directory>



note: what if i want to have this protection in a special way - so that i can

- call the domain
- open the passwordprotected site - and have access to the site for 2 or 3 hours
- is this possible?!


note - generally i have learned that i can passwordprotect a directory served by Apache via a .htaccess file in the directory we want to protect and a .htpasswd file that can be anywhere on our system that the Apache user can access (but put it somewhere sensible and private).


is it a good idea to put .htpasswd in the same folder as .htaccess.

The .htaccess file for the wordpress already exists:


if it would not exixt i should have to create it and insert:
AuthType Basic
AuthName "Your authorization required message."
AuthUserFile /path/to/.htpasswd
require valid-user




Then we should create a .htpasswd file using whatever username and password we want. And yes: The password should be encrypted.

note: i am on a Linux server, - well here we can use the htpasswd command which will encrypt the password for us.
Here is how that command can be used for this:
htpasswd -b /path/to/password/file username password
	



the question is: how to achive that: what if i want to have this protection in a special way - so that i can

- call the domain
- open the passwordprotected site - and have access to the site for 2 or 3 hours
- is this possible?!

This post has been edited by sayhello: 16 May 2020 - 07:07 AM


Is This A Good Question/Topic? 0
  • +

Replies To: Password protecting a domain using .htaccess

#2 no2pencil   User is offline

  • Professor Snuggly Pants
  • member icon

Reputation: 6865
  • View blog
  • Posts: 31,644
  • Joined: 10-May 07

Re: Password protecting a domain using .htaccess

Posted 16 May 2020 - 07:10 AM

.htaccess is part of Apache, not PHP. Moving to Web Servers & Hosting.
Was This Post Helpful? 0
  • +
  • -

#3 sayhello   User is offline

  • D.I.C Regular

Reputation: 4
  • View blog
  • Posts: 359
  • Joined: 12-November 17

Re: Password protecting a domain using .htaccess

Posted 16 May 2020 - 07:43 AM

good day dear no2pencil

many thanks for setting me straight - yes this is convincing.


btw: what bout the special ideas:

the question is: how to achive that: what if i want to have this protection in a special way - so that i can

- call the domain
- open the passwordprotected site - and have access to the site for 2 or 3 hours
- is this possible?!

quess that this is somehow posssible!?

i am currently figuring out how!?
Was This Post Helpful? 0
  • +
  • -

#4 Dormilich   User is offline

  • 痛覚残留
  • member icon

Reputation: 4277
  • View blog
  • Posts: 13,545
  • Joined: 08-June 10

Re: Password protecting a domain using .htaccess

Posted 16 May 2020 - 10:03 AM

Not that I know of. With htaccess it's all or nothing.
Was This Post Helpful? 0
  • +
  • -

#5 sayhello   User is offline

  • D.I.C Regular

Reputation: 4
  • View blog
  • Posts: 359
  • Joined: 12-November 17

Re: Password protecting a domain using .htaccess

Posted 17 May 2020 - 02:52 PM

Hi there - well i probably can take a wp-plugin --... since all i want to protect is a wp-site itself..

what do you say bout this following plugin .. and its concepts:

How to Restrict WordPress Site Access by IP or Logged In ...
vgl. https://de.wordpress...ed-site-access/ bzw: https://wordpress.or...ed-site-access/

Quote

Beschränke den Zugriff auf deine Website auf angemeldete Besucher oder auf einen spezifischen IP-Bereich. Sende Besucher ohne Zugriff zur Anmeldeseite, leite sie weiter oder zeige eine Nachricht oder Seite an. Eine optimale Lösung für Extranets, öffentliche Intranets oder parallele Entwicklungsumgebungen.

- Adds a number of new configuration options to the Reading settings panel as well as the Network Settings panel in multisite. From these panels you can:
- Enable or disable site restriction
- Change the restriction behavior: send to login, redirect, display a message, display a page
- Add IP addresses to an unrestricted list, including ranges
- Quickly add your current IP to the unrestricted list
- Customize the redirect location, including an option to send them to the same requested path and set the HTTP status code for SEO friendliness
- Define a simple message to show restricted visitors, or select a page to show them – great for „coming soon“ teasers!



reviews:

Quote

Protecting my development and test sites with this Plugin has been part of my workflow for a long time.
It’s simple, effective and elegant–works so seamlessly that I forget it’s not just part of core WordPress.
I’m delighted to see the authors are continuing to actively support it as is evidenced by the “Under
the hood refactoring and clean up for performance and maintainability” in the latest maintenance releas

this plugin is briliant if you want to launch a new site of work on an existing one.
You simply generate a new ‘coming soon’ page with your favorite page builder and point to it.
You add your IP (and everyone else’s you want to give access to) and you can savely test processes on the live url,
with everybody else being denied access.

great plug-in to restrict site access by IP address.
I’m glad I found this useful and easy to use plug-in (settings through Dashboard, Settings, Reading, below)

After trying a few plugins who gave a lot of really advanced options. And took too long for my attention span to get
it working. This charming little plugin came in. And all was well.

am a divi user and this plugin allows me to create my maintenance pages with the builder. Very nice !
I am staging on the internet and wanted to hide my development. This works perfectly. most construction page plugins are very limited in what they do. with this plugin you can put your old html site into a subfolder while contructing your stunning wordpress pages by redirecting visitors to the subfolder. works like a charme

This post has been edited by sayhello: 17 May 2020 - 02:52 PM

Was This Post Helpful? 0
  • +
  • -

#6 ge∅   User is offline

  • D.I.C Lover

Reputation: 318
  • View blog
  • Posts: 1,335
  • Joined: 21-November 13

Re: Password protecting a domain using .htaccess

Posted 17 May 2020 - 03:10 PM

This is just me but I would not trust a wordpress plugin with security. I actually consider wordpress plugins a security flaw.

Maybe you can have your .htaccess route people through a PHP script which will write to a database the token used to access the site and the time at which it is used for the first time, then if the page is accessed again with the same token you compare the dates and if it is greater than the maximum time you don't grant access.
Was This Post Helpful? 0
  • +
  • -

#7 Radius Nightly   User is offline

  • D.I.C Regular

Reputation: 57
  • View blog
  • Posts: 365
  • Joined: 07-May 15

Re: Password protecting a domain using .htaccess

Posted 17 May 2020 - 08:58 PM

I dont trust files, PHP or DB for that, so i would do it on hosting machine layer, eg. on Nginx, because its the entrance, if its not working properly, it wont allow user to communicate with anything, with any file/folder with added security features and configurations, and wont make any communication with PHP, and can be modified to do various things with SSL, encryptions, times, connections, IPs, ports, cache, etc. On top of that for more security you can do various things on drives, operating system, PHP, DB, etc. I believe Apache can do the same without storing data in public folder.

This post has been edited by Radius Nightly: 17 May 2020 - 09:03 PM

Was This Post Helpful? 1
  • +
  • -

Page 1 of 1