Password-Protecting a Web Site

You can password protect areas of your website through the Password Protection tool in your shared hosting account. IT's in IIS/.NET in the mail navigation. It can sometimes take awhile for this page to load. It's scanning all your folders on the server looking to see if a folder have password protection setup. More folder equals the longer it takes to load.

Alternatively, you can easily password-protect your Web site by creating what are called .htaccess files. Please note that our .htaccess files are not the same as the ones used by the Apache Web server and cannot be used to change the Web server settings for your site.

The first thing you have to do is place your password-protected files in a subdirectory within your account via FTP. Then, place the appropriate .htaccess file in that subdirectory. You also need to decide where you want to store your userlistfile, which contains a list of users having access to the files and their passwords. For security sake, you should store this file in your db folder, which is not accessible through the Web.

When you have decided where the .htacess file will go, you must create it using your FTP client and put the following text into it, making sure to replace the path to the userlist file with the correct one:

AuthName groupname
AuthType Basic
AuthUserFile e:/web/public_html/nbvbn/db/userlist.txt
Require valid-user

If you are having problems creating the .htaccess file, it is likely because Windows will not let you create a file whose name begins with a period. In this case, you can create it by typing echo "" > c:\.htaccess in your Run dialog box (click Start, then Run) and then opening the file c:\.htaccess using your text editor.

Once you have done this, you need to create your userlist file, which is extremely straightforward. You simply put one username:password pair on each line of the file. For example:

Bob:secret
Barbara:changeme

To increase the security of your userlist, you can download the application htpasswd.exe to create Apache-style crypt passwords. You are strongly advised to do this for your own password protection.

After you have done both of these things, you will be prompted to enter your username and password when you attempt to enter the password-protected area of your site.

Note that if you see an error page that starts with IISPassword The page cannot be displayed, and lists the error HTTP Error 500, then there is something wrong with the .htaccess file - probably something mistyped or it's using a construct that's not valid with our software - this is common when testing software designed to work with Apache since it's .htaccess file has many more options that don't apply to IIS.

Was this answer helpful?

 Print this Article

Also Read

Pointing your domain to your shared hosting account.

If your domain name is registered and owned by you but does not currently point to the LFC...

Using .NET

LFC Hosting fully supports the Microsoft .NET Framework (including ASP.NET), all development...

When Your Web Site Won't Load

There are several reasons why your Web site may not load. To determine the problem, do the...

Using MySQL

MySQL is the world's most popular open-source database server on the World Wide Web. It is...

Enabling ColdFusion

If your account requires ColdFusion support, you can simply upload your ColdFusion files to your...