How can I restrict access to our website through .htaccess in cpanel?

Question

I am working on a website in which I want to restrict the access to it by entering some username and password in it like if I/or any outside users open the website, it should ask for Username and Password.

The current code which I am using in .htaccess file inside public_html folder is:

<IfModule mod_rewrite.c>
   RewriteEngine On 
   RewriteRule ^(.*)$ public/$1 [L]
</IfModule>

Problem Statement:

I am wondering what changes I should make in the .htaccess code above so that it allows outside users to enter username and password to enter the website.

Answer 1

This can be accomplished using the cPanel GUI. Here are some instructions I found:

Add Password Protection

1. Log into cPanel.
2. Go to the Files section and click on the Directory Privacy icon.
3. Select the directory you want to password protect and then you will see Set permissions for $PATH screen appear.
4. Click on the checkbox labeled "Password protect this directory:".
5. Type a name for the folder you are trying to protect in the field labeled "Enter a name for the protected directory:".
6. Click the Save button to save the name you have entered for the directory and option to password protect the directory.
7. Create a user to grant access to the protected directory by typing the credentials into the Username, New Password and Confirm Password fields.
8. Click Save in order to save the credentials that you have entered.

SOURCE: https://www.inmotionhosting.com/support/website/protecting-files/how-do-i-password-protect-a-directory-in-my-control-panel-cpanel

NOTE: The wording and location of these steps may change between cPanel versions. These instructions enable something called "HTTP BASIC" which is not considered secure. This QA can help explain why you shouldn't use this to protect sensitive data: https://security.stackexchange.com/questions/988/is-basic-auth-secure-if-done-over-https

Answer 2

To password protect your site, you need two things: a password file and an htaccess file.

1) Create a Password file

• Open a new text file and then enter a username and password combination. Important: each username and password combination must be entered on a new line in your file.
• Save the file and upload it to a directory on your web server. Most hosting companies running with the cPanel control panel module have a home directory file, which is where you’ll want to upload your .htpasswd file.

2) htaccess file

• Add these below five lines in the htaccess file :

  AuthUserFile /path/to/htpasswd/file/.htpasswd

  AuthGroupFile /dev/null

  AuthName “Name of Area”

  AuthType Basic

  require valid-user

• Next, you need to change “/path/to/htpasswd/file/.htpasswd” ( code line 1) to the actual path leading to the .htpasswd file

• “Name of Area” (code line 3) needs to be changed to the name of your site, or the section of your site that needs to be protected.

• Save the Htaccess file and upload it into the directory that you want to have protected.

• Finally, you should test whether or not your password works by attempting to access the protected URL. If the password itself does not work, you’ll have to go back to the .htpasswd file to ensure that it is entered correctly there (remember, passwords are more often than not case-sensitive). On the other hand, if you are able to access the URL without being prompted for a username and password at all, you’ll need to contact your servicer administrator to ensure that Htaccess is enabled for your site.