dil_bert Posted May 16, 2020 Share Posted May 16, 2020 hello dear experts, i am currently trying to achieve password protect a domain and all of it's subdirectories and files, but my knowledge on the matter is very limited, how can I go about doing that? i want to do this for a wordpress site - in other words:; i want to passwordprotect a site ; i guess that this is a simple two step process - In the .htaccess i think i can put AuthType Basic AuthName "restricted area" AuthUserFile /path/to/the/directory/you/are/protecting/.htpasswd require valid-user for the password generation i can use - the passwordgenerator of python or - the passwordgenerator of keepass or i also can make - use of http://www.htaccesstools.com/htpasswd-generator/ or simpliy - command line to generate password and put it in the .htpasswd Note 1: i am using winSCP or filezila to put it to the server - btw. should i do more confifguration; e.g. configure in the security section "Password Protect Directories" then propably we need to do a AllowOverride All to the directory of the .htaccess (or at least to previous ones) in http.conf followed by a apache restart <Directory /path/to/the/directory/of/htaccess> Options Indexes FollowSymLinks MultiViews AllowOverride All </Directory> note: what if i want to have this protection in a special way - so that i can - call the domain - open the passwordprotected site - and have access to the site for 2 or 3 hours - is this possible?! note - generally i have learned that i can passwordprotect a directory served by Apache via a .htaccess file in the directory we want to protect and a .htpasswd file that can be anywhere on our system that the Apache user can access (but put it somewhere sensible and private). is it a good idea to put .htpasswd in the same folder as .htaccess. The .htaccess file for the wordpress already exists: if it would not exixt i should have to create it and insert: AuthType Basic AuthName "Your authorization required message." AuthUserFile /path/to/.htpasswd require valid-user Then we should create a .htpasswd file using whatever username and password we want. And yes: The password should be encrypted. note: i am on a Linux server, - well here we can use the htpasswd command which will encrypt the password for us. Here is how that command can be used for this: htpasswd -b /path/to/password/file username password the question is: how to achive that: what if i want to have this protection in a special way - so that i can - call the domain - open the passwordprotected site - and have access to the site for 2 or 3 hours - is this possible?! Quote Link to comment Share on other sites More sharing options...
requinix Posted May 16, 2020 Share Posted May 16, 2020 Please, PLEASE do not make me answer your implied question about where you should generate a password. Because I will not be polite. AllowOverride is about whether (sub)directories can use .htaccess files. This sort of authentication is automatically remembered by your browser. You don't have to do anything to make that happen. Passwords are not encrypted. They are hashed. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.