Black Friday Deals Not Found Anywhere Else! Save up to 55% OFF Hosting, Domains, Pro Services, and more.
Vodien Black Friday Sale applies to new purchase on select products and plans until 4 December 2024. Cannot be used in conjunction with other discounts, offers, or promotions.
Microsoft-Top-SMB-Cloud-Master-for-March-2017-img

by

March 8, 2010

Cloud Computing, Cloud Security 2 min read

How To Password Protect Your Important Files And Defend Yourself Against Hacks & Attacks

When attacks occur on websites, they are usually a result of a compromised password, or because of files that have poor security, either because of insecure file permissions or programming flaws. Security's one of the aspects that we always strive to be improving at Vodien, especially since all of our clients' data is at stake.

suphp-logoOne of the security implementations that we have done is to install SUPHP as a standard on our servers. This tool improves the security of our servers because it makes files run under the user's specific user account, as opposed to the default Apache user account. By using SUPHP, it allows us to monitor the resource usage of accounts, and locate rogue script files easily.

Another way you can improve the security of your site is to password protect any important areas, such as the admin interfaces of your scripts. This is applicable to popular scripts such as Wordpress or Joomla. By default, scripts already have a password-protected login, but that's a PHP/Session/Database implementation. By having a Apache/htaccess protected login area ON TOP of that, you're improving security even more. For example, if you were running Wordpress, you will be looking at password protecting the /wp-admin folder.

If you're on our servers, you just need to login to your control panel, and go to "Password-Protect Directories". If not, you can do it manually too, with these steps:

Using a text editor (such as Notepad), create a text file named .htpasswd (note that there's no .txt extension here). Simply put in one line that has your username and password, in this format:

username:password

Next, create a .htaccess file in the same manner, but put this block of code instead:

AuthUserFile /home/username/.htpasswd
AuthType Basic
AuthName "Protected Area"
Require valid-user

Now upload the .htpasswd to your root directory. Your web server might be configured differently, but this root folder should be outside your www, or public folder, where your website files are served. If not, then put it such a location, and change the filepath in your .htaccess file.

Next upload the .htaccess file to the folder that you want to protect, and that's it. Your directory is now password protected.

Warning: .htaccess is a powerful Apache file that if wrongly configured may make your website inaccessible. If you aren't sure about what you're doing, please get professional support from your hosting provider.


[template id="7325"]

Skip to section