Protect your website with a password | News | PHPro
What's new in our world

Protect your website with a password

19 March 2012

Setting up a testing environment isn't difficult. Even though they are only used for testing purposes, these websites should be protected with username/password-authentication. This is a simple procedure.

  • Add following code to your vhost:

AuthUserFile /var/www/xxx/.htpasswd
AuthName "Authenticatie vereist"
AuthType Basic
require valid-user

  • Create the .htpasswd file

Navigate to your DocumentRoot and run the command htpasswd -m -c .htpasswd username. You'll have to enter a password twice. Verify that the .htpasswd is at the correct location, specified in the vhost. Also ensure apache can read the .htpasswd file.

Attention: the -m operator is important. This will force the usage of the md5() algorithm. The default algorithm, crypt(), is less secure because it will only use the first 8 characters of your password.

  • Reload Apache

Run the command apache2ctl graceful (with root permissions). Before the connections are closed, active request will be completed.


Now, navigate to your  website and you will be prompted your username and password!