How To Restrict Access To A Page

Table of contents:

How To Restrict Access To A Page
How To Restrict Access To A Page

Video: How To Restrict Access To A Page

Video: How To Restrict Access To A Page
Video: Restrict WordPress content access w/ Content Control plugin 2023, September

If there is a need to restrict the access of unwanted visitors to the site page, then the simplest solution would be to use the authorization system built into the web server. Below is a description of how exactly this is done.

How to restrict access to a page
How to restrict access to a page


Step 1

Create a folder on the server for the pages you want to protect and move them there. If you want to restrict access to all pages, then you can skip this step - protection will be organized in the root folder of your site.

Step 2

The Apache server's algorithm of actions is such that when it finds a service file named ".htaccess" in the folder, it uses the instructions contained in the file when processing requests from site visitors for any documents in this and all subfolders. You need to create this file and place in it directives to restrict access to all or individual documents in this folder. You can do this on your computer using a simple text editor such as Notepad. Create an empty file (CTRL + N) and enter these lines into it: AuthType Basic

AuthName "Access to the page is restricted!"

AuthUserFile /usr/account/site/.htpasswd

require valid-user The directive on the first line includes a basic authorization mechanism (AuthType Basic). With this type of authorization, the visitor's password is transmitted from the browser encrypted using the Base64 algorithm. The directive in the second line indicates the content of the text hint that the browser will display when the visitor enters the protected part of the site. Enter the text you need without using quotes ( ). The third line contains the absolute path to the file storing the login: password pairs, access to which is allowed to the pages of this folder. The login is stored in clear text, and the password is encrypted. Absolute (that is, from server root) the path to your site can be viewed in the administration panel of the site or ask the hosting technical support. Or you can use the phpinfo () command of the PHP language. The directive in the fourth line defines the authentication principle. If you specify the value User, then only users whose logins will be allowed must be listed here separated by a space. The value of Group - only users belonging to groups, which should be specified here separated by a space. If Valid-user - all users whose logins are listed in the AuthUserFile. Naturally, for any value, all these users must be enter the correct password.

Step 3

Save the created file under the name.htaccess by selecting the "All files" item in the "File type" list of the save dialog - this so that the text editor does not automatically add the txt extension.

Step 4

Now you should create a password file specified in the AuthUserFile directive -.htpasswd. This is done by the htpasswd.exe utility from the Apache server. It is located in the bin folder to download this utility, for example, here - This is a console program, that is, it must be run from the command line. In Windows XP, you can do it like this: copy htpasswd.exe to a separate folder, right-click the folder and select "Run Command Prompt Here". At the command prompt, enter: htpasswd -cm.htpasswd FirstUser The "-cm" modifier indicates that a new password file should be created and that MD5 is used for encryption (which is the default on Windows). If instead of "m" you specify "d" - the utility will use the DES encryption algorithm, if "s" - the SHA algorithm, and if "p" - the password will be saved without encryption. FirstUser is the login of the first user in the list, replace it with the required one to you. The utility will ask for the password for it after you press Enter. To add the next user to the created file, run the utility again, but without the letter "c" in the modifier

Step 5

Place the created.htaccess and.htpasswd files on the server of your site using the file manager of the control panel or FTP client. The.htaccess file should be in the same folder with the protected pages, and the.htpasswd file should be in the folder, the path to which you specified in the AuthUserFile directive. Usually, password files are placed in a directory located above the root folder of the site to exclude access to it from the Internet.