Password Protect Website [LOGGED]

Nick

It would be nice to have a function in Enhance to password protect a website. This is useful for websites that are under development.

badboybackagain

you can use realm to protect in OLS.

Adam

You can also do this manually with htaccess/htpasswd but I appreciate this is hard for end users. We will add the functionality to the ui in the future. There is already an open feature request for this.

deydod

Hi @Adam

Any update on this?

Aliysa_Enhance

deydod We have an open ticket for this but no development time has been assigned yet. As soon as there is any movement on this, we will update the thread.

deydod

@Aliysa_Enhance @Adam

Do you have any recommendation how to do this until its ready?

I've created .htpasswd file in root folder and I've added to htaccess:

AuthType Basic 
AuthName "Site name" 
AuthUserFile /var/www/<container_ID>/.htpasswd 
require valid-user

Its working fine for now but I am more interested if this is correct way to do it?

Adam

That method is fine for Apache and (I think) LiteSpeed. It won't work in OpenLiteSpeed or Nginx.

alperssl

Is there any update on this feature?

grradmin

alperssl
We have an open ticket for this but no development time has been assigned yet. As soon as there is any movement on this, we will update the thread.

sikmo

If anyone find it useful, I'have crafted a simple code for wp-config.php (or any other app) since we needed ot on OLS mainly.

I did array for passwords, so you can have more than one and we are ignoring user, because we don't care for that.

$http_pass = [ "your_secure_password" ];
if( isset( $_SERVER[ 'PHP_AUTH_PW' ] ) &&  in_array( $_SERVER['PHP_AUTH_PW'],  $http_pass, true ) ) {} else { header('HTTP/1.1 401 Unauthorized'); header( 'WWW-Authenticate: Basic realm="Protected Area"' ); exit; }

here is "not minified" version

// set your password
$http_pass = [ "your_secure_password" ];

// check for passwords with strict param
if( isset( $_SERVER[ 'PHP_AUTH_PW' ] ) &&  in_array( $_SERVER['PHP_AUTH_PW'],  $http_pass, true ) ) {
    // user is authenticated
} else {
    header('HTTP/1.1 401 Unauthorized'); 
    header( 'WWW-Authenticate: Basic realm="Protected Area"' ); 
    exit;
}