How to set up basic HTTP authentication?
The article describes how to assign an additional authentication form to a particular website page. As a result, all visitors trying to access the page will be requested for their login and password in a dedicated window. Access to the page will be granted only if the valid login and password are entered.
How to install authentication form?
- open the hosting control panel and connect to the hosting via SSH or FTP;
- in the file manager, proceed to the website directory that needs to have access restrictions. In this example it will be a directory named ‘test’;
- create an .htaccess file or open it in an editing mode, if it already exist. Add new lines to .htaccess as follows:
AuthName "Access denied!"
AuthType Basic is an authentication type;
AuthName "Access denied!" is the notification that will pop up upon any attempt of accessing the restricted website directory; AuthUserFile /path/.htpasswd the path to the file keeping the login and password hash. When some login and password are entered to the form at the website, they are compared to the values specified in the .htpasswd file (the password will be verified using its hash representation). This is how you know your website root directory; ‘Require valid-user’ is here to show that the access is only permitted to the users listed in the .htpasswd file.
- generate a login-password combination. To do so, use Online Generator. In the ‘Username’ field, enter your login ‘u1234567’. In the ‘Password’ field, specify a new password for your basic authentication. Press ‘Create .htpasswd file’. You can also make up a new login-password combination from the scratch. The generator will supply you with a line that will look like this:
‘u1234567:$apr1$uuR8iEpN$cb3ArYRjc9DVBRoV2bn/L0’. Here: ‘u1234567’ is the login; ‘$apr1$uuR8iEpN$cb3ArYRjc9DVBRoV2bn/L0’ is the password hash.
Copy this line and then paste it to the .htpasswd file you have created beforehand. How to change the password?
How to add a new user?
To change a password, you will need to simply repeat the password generation procedure using the same login. Online Generator. To add a new user, just generate a new login-password combination and add it to the .htpasswd file from a new paragraph.
How to remove an authentication form?
If there is no need for an authentication form any more, just comment out the lines that have been added to the .htaccess file previously. To do so, place a # character at the beginning of every line in question. Another option would be to simply delete all the relevant lines.