With today’s Webmaster Wednesday tip, we are going to be expanding upon our last post about .htaccess by going more in depth about using your .htaccess file to limit access to your website. We will go over some new rules you can use that will give you more control on what visitors can or cannot access.
Limiting Access with .htaccess
The first rule we will go over will allow you to block any visitor from your website completely. You can also use this rule to block everyone and only allow certain IP addresses to view your website.
Order Deny, Allow Deny from exampleIPaddress Allow from all
You can modify this code to deny (or block) everyone who attempts to access your website by changing the
Deny from $IP to
Deny from all. You can also add more than one IP address to the Deny or Allow list by replicating the
Deny from or
Allow from in another line each with a different IP address.
But what if you only wanted to restrict access to certain directories, not your entire website? Perhaps you want to block everyone but yourself to access your wp-admin directory, as an extra level of security. You can easily do this by creating a new .htaccess file in the directory that you want to block everyone from accessing and adding the following lines:
Order Deny, Allow Deny from all Allow from YourIPaddress
You can also easily restrict access to certian files types by adding the following lines to your .htaccess file:
<Files *.jpg> allow from all </Files>
*.jpg is the file type you would like to restrict or allow. This can be useful if you want to deny access to your entire website but would like to have your image links to still work. Or perhaps you want to prevent visitors from accessing a certain file type. Please note that if you’re using this code on a functioning website, you should not
Deny from All file types that are necessary for your website to load properly, such as .html, .jpg, .png, etc.
Password Protected with .htaccess
The last rule that we will be going over will make any directory or file password protected. The first thing that you will need to do is create a .htpasswd file. In this file you will add the username(s) and password(s) that will be able to access your website. However, the passwords do need to be encrypted. Thankfully there are a number of websites that will encrypt the password and set up the line for your .htpasswd completely for you. Here is one of the websites that will do this for you. After using their tool, you should receive a line that looks similar to:
USER:24E07zUeew3FY. You will need to add this line into your .htpasswd file, and upload it to your web hosting account.
After you have set up your .htpasswd file, you will need to add the following lines to your .htaccess file:
AuthUserFile /full/path/to/.htpasswd AuthType Basic AuthName "This is a password protected area" Require valid-user
AuthUserFile, please make sure the path is the complete path to your .htpasswd file such has
/home/USER/public_html/yourdirectory/.htpasswd. You may also change the
AuthName to whatever you may like, as this will be the server message that the user receives when they attempt to access your website and are prompted to enter a username and password. Once you have updated the file path and saved your .htaccess file, your website will now request visitors to enter in a valid username and password to access your website.
And that was your tip for Webmaster Wednesdays! Be sure you are following our Facebook and Twitter pages to stay up to date with the latest in webmaster tips, updates for web software, everything x10Hosting, and more!