When a website is in development, it’s a good idea to password protect the root directory from public access:
- It prevents unauthorized users from accessing the site
- It prevents it from being indexed in search engines
- It prevents other bots (spammers) from attacking your development site
There are plenty of online tools to generate the htpasswd file, but if you like to work from the command line, here’s a really easy way to do it.
If you’re on a Linux server with Apache, you can use the htpasswd command.
If you don’t current have an .htpasswd, use the “-c” option to create the file with the first user. It will prompt you for a password and encrypt it for you.
htpasswd -c /var/www/domain.com/public_html/.htpasswd user1
If you already have the .htpasswd file and would like to append a new user, repeat the command with the “-c”
htpasswd /var/www/domain.com/public_html/.htpasswd user2
.htpasswd is the standard file name that contains the authentication credentials, but you can actually call it whatever you want as long as you reference it in the .htaccess file:
AuthName "Restricted Area" AuthType Basic AuthUserFile /var/www/domain.com/htdocs/.mycustompasswordfile AuthGroupFile /dev/null require valid-user
The AuthUserFile location doesn’t need to be in the same folder as your virtualhost. It can be anywhere on your server as long as you use the full path to it. You may want a shared AuthUserFile if you have multiple websites on the same server and want to administer the logins from one file.