.... Internet marketing resources, ecommerce web site design tutorials
  Taming the Beast - quality web marketing and ecommerce development services .... .


Return to web marketing and ecommerce articles index

 Password protection tutorial

While many web hosts offer the ability to password protect areas of your site via their hosting control interface, it's not unusual for these features to be broken, unsuitable for your purpose or simply not available. This tutorial will provide you with a few different options for manually password protecting pages and folders in your web site.

Simple PHP password protection. 

This one is nice and easy; but will only work on pages ending in .php. It's certainly not bulletproof and will only protect a single page, but it's a relatively quick and easy way to stop prying eyes; plus it will tell search engine robots to ignore the page. Here's the code; always make a backup of the original page first.. just in case :)

$100 discount on XSitePro software $100 discount on XSitePro
The ultimate web site building package is now even better at a special discount price plus additional bonuses! 30 day money back guarantee. Download XSitePro!


<meta name="ROBOTS" content="NOINDEX,NOFOLLOW">


// Define your username and password
$username = "user";
$password = "password";

if ($_POST['Username'] != $username || $_POST['Password'] != $password) {

<form name="password" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<div align="center">
<table border="0" cellpadding="5" cellspacing="0">
<td><label for="Username">Username</label>
<td><input type="text" title="Enter your Username" name="Username" /></td>
<td><label for="txtpassword">Password</label>
<td><input type="password" title="Enter your password" name="Password" /></td>
<p align="center"><input type="submit" name="Submit" value="Login" /></p>

else {





Password and membership management software

Membership site password protection

Need a full strength password protection and subscription management solution that's easy to use? Trial aMember Pro! Flexible and compatible with all sorts of web platforms, it includes support for multiple payment methods.


.htaccess password protection

This is a more robust and secure method, allowing you to password protect individual files, folders or your entire site if you wish. You'll also be able to add multiple usernames and passwords and the passwords will be encrypted. 

Note: in order to use this, your host will need to be running a server with Apache, so check with them. Chances are they will be compatible. 

This method requires two different files - one to store the username and password details and the other to indicate the folders or files you wish to password protect.

Grab an SSH client

To create the files, you'll need to access the server with an SSH client - it's basically just software that allows you to connect to a remote computer using a different protocol and gives you access to a command line. 

If you've never used SSH before, don't panic, it's not all that hard and in fact, some basic SSH knowledge is an excellent thing to have. While I offer step by step instructions below for using SSH in this application, you might want to check out my beginners guide to SSH a bit later as you'll find far more uses for it than just making password files.

SSH client recommendation

A fantastic (and free) SSH client is PuTTY. It's a tiny little application that basically has no learning curve.

Check with your web host

Most good web hosts offer SSH access; but it's a good idea to check with yours first - you might even find the information in their knowledge base. You'll also need the server path to your site, it will look something like this:


Again, your web host will be able to help out with this if the information isn't available in their knowledgebase.

Creating the password file

- Fire up PuTTY
- Type in your domain name in the "Host Name" box
- Select the "SSH" option under "Protocol"
- Click "Open"

You'll then be presented with a blank screen with a username login prompt, enter that and you'll then get a password prompt. Your password will likely be the same one you use for accessing your hosting account interface and/or FTP.

Now to create a password file. To achieve this, simply type:

htpasswd -c passwordfile username

where filename is the name of the password file and username being the first user you will to add. Here's an example:

htpasswd -c passwd michael

You will then be prompted for a password for that user and then to confirm the password. Done! You've just created an encrypted password file. The encryption is done automatically. If you want to add more users all you need to do is to type:

htpasswd passwordfile username

.. note the missing "-c" operator - "c" stands for create and in this case we just want to add a new user. 

You can now exit PuTTY by typing "exit". Just type "exit".

Creating a .htaccess file

Now you'll need to be able to tell the server which folders and/or files you want to create and we'll do this via .htaccess. A .htaccess file is just a set of instructions.

Using FTP, navigate to the folder where the protected files are. If you want to password protect the entire site; just navigate to the root folder. 

If there is already a .htaccess file there, download *and* (very important) make a backup. If there is no .htaccess file; open up notepad and create one - note the name begins with "." and there's no tail extension.

Protecting a folder

Place the following at the top of the .htaccess file to protect the entire folder that you upload it to (and all folders below it):

AuthUserFile /usr/home/www/yourusername/passwordfile
AuthName "Password protected"
AuthType Basic
Require valid-user

Note that you'll need to change "passwordfile" to the name of your own password file and:


... will need to be changed to your own server path to the file.

Protecting specific files

Place the following in the .htaccess file to protect specific files in the folder you upload it to:

AuthUserFile /usr/home/www/yourusername/passwordfile
AuthName "Password protected"
AuthType Basic
<Files file1.htm>
require valid-user
<Files file2.htm>
require valid-user

Again, you'll need to change "passwordfile" to the name of your own password file and:


... will need to be changed to your own server path to the file. You'll also need to change file1.htm, file2.htm to the name of the files you wish to protect. Additional files can be protected by just repeating the format.


Password and membership management software

Membership site password protection

Need a full strength password protection and subscription management solution that's easy to use? Trial aMember Pro! Flexible and compatible with all sorts of web platforms, it includes support for multiple payment methods.

Membership management and passwords

While the above htaccess password solution can be used for membership sites where your users register or pay to access content; it's rather time consuming to create usernames and passwords in such a way. You'd be much better off installing software that has been specifically developed for the task of automating registrations, generating passwords and collecting subscription fees.

There's quite a few scripts out there for this and one worth looking at is aMember Pro. It contains a ton of features for managing memberships, be they paid or otherwise and can be used for static html sites and those powered by a CMS (Content Management System) such as vBulletin, Joomla and Wordpress,


Free tell a friend script
.htaccess 301 redirect tutorial
 Anti-hacking tips for home based online business

Michael Bloch
Taming the Beast
Tutorials, web content, tools and software.
Web Marketing, Internet Development & Ecommerce Resources

In the interests of transparency and disclosure, please note that the owner of Taming the Beast.net often receives goods and services mentioned in reviews for free, or may receive payments or affiliate commissions for advertising or referring others to merchants of products and services reviewed.

Copyright information.... This article is free for reproduction but must be reproduced in its entirety, including live links & this copyright statement must be included. Visit http://www.tamingthebeast.net  for free Internet marketing and web development articles, tutorials and tools! Subscribe to our popular ecommerce/web design ezine!

Click here to view article index 

Online meeting & webinar software review
Powerful, easy to use collaboration tools that can help improve your marketing sales and training efforts. Learn more about these services in this review & try a free trial!

The best shopping cart software
Our reviews of some of the best shopping carts around - free ecommerce solutions  through to premium services offering affiliate programs, marketing modules & online soft goods delivery.  Shopping cart software guide 

Autoresponder software/mailing list manager
 Read our beginners guide and reviews of all-in-one autoresponder & email marketing software solutions.

Credit card transaction fraud screening!  Effective fraud screening is an essential part of running an online businesses. Fraud transactions cost you money and can threaten your merchant account. Pick up a stack of transaction screening tips in this free guide! 

Need some advice/tools for writing/creating a web design, development or marketing proposal?






Get paid cash taking online surveys - free to join online 
survey companies that will pay you cash for your opinion!

In Loving Memory - Mignon Ann Bloch

copyright (c) 1999-2011  Taming the Beast  Adelaide - South Australia 

Profile - Contact - Privacy - Consultants Portfolio 

Search Site - Terms of Service - Social/environmental