Using pwadmin to password protect web folders

Our webservers have built in support for password protected folders. This enables you to provide password protected access to sub sections of your site, based on usernames and passwords you can set.

The password protection itself is controlled by two special files: .htaccess and .htpasswd. .htaccess is a text file that tells the server what to protect and is usually put into the folder you want to protect, .htpasswd is a file of usernames and encrypted passwords.

To make this easier to manage, we have a script that can be installed from the ‘Install Scripts’ page of the Account Manager called ‘Password Editor , this allows you to manage your .htpasswd file, and will also tell you what code needs to be put into your .htaccess file to protect a folder.

pwadmin.pl is not compatible with Microsoft Frontpage. If you have enabled Frontpage extensions you should use its method of protecting folders and not pwadmin.pl

Here is a step by step guide to using this script to protect a folder. Firstly you need to install pwadmin.pl:

1. Log into your Account Manager and goto Domains > Install Scripts, then select the domain you want to install the script on (if you have more than one) and click ‘Password Editor‘.

2. After a minute or so you should get an email from the webserver telling you that the script has been installed, this will contain a link to the script, something like:

http://www.acmegrp.co.uk/cgi-bin/pwadmin.pl

Clicking that link will bring up the page asking you to set an administrator password for pwadmin.pl. Make up a password and type it in twice and then click the button. When you next log in, you will be asked for that password, so it is very important that you remember this password.

3. You can now add/edit/delete users in your .htpasswd file. To actually protect a folder in your webspace, you need to put in it a special text file called “.htaccess” – note the leading dot. Although this is a plain text file, the format of the contents is very important; errors in this file will cause you to get “500 Server Error” whan accessing the protected folder.

pwadmin.pl will tell you exactly what you need to put in this file; just click the “Show sample .htaccess file” button, you will then get something like this:

Sample .htaccess file

AuthName “My secure area”
AuthType Basic
AuthUserFile /home/users/uks33822/html/acmegrp.co.uk/.htpasswd
require valid-user

Using a plain text editor (like Notepad) cut and paste the code in the yellow area into a file and save it with the name “.htaccess”, then use FTP to upload it to the folder you want to protect. Your code will be different, so don’t just copy the code above.