How to Password Protect Your Magento Store With .htaccess

You must have landed on a website that demanded a username and password to access its web pages, without which you can’t enter the store.

The website as a whole or few of its pages can be secured with passwords to protect its content, keep the spams away from malfunctioning with the features and much more that I’ll discuss ahead.

Magento store is a platform for global users for E-commerce business. With no limit on its visitors, password protecting the Magento store can prove as a blessing!

It can be implemented with the use of Javascript, Php or .htaccees file.

Why do you need to password protect your Magento store with .htaccess file?

• In the case where you are migrating or upgrading your Magento store, you do not want anyone to access your store other than the developers.
• You want to hide the new design and theme until it’s ready to launch.
• You may want to limit the access of specific pages based on the customer groups.
• You simply want to protect your content!
•  You may password protect your paid content for premium users.

Method to password protect your Magento store with .htaccess:

1. Create a password file to store the usernames and passwords that will have access to the website.
   1. Create a new text file named .htpasswd. Make sure you don’t forget to add a period to the start of the file name.
   2. Add usernames whom which you want to provide the website access and passwords in .htpasswd file and save it. Use encryption method to create passwords.  For example,
      
      foo:$apr1$yB1.9vIT$IVVBmq5vMauwsNR8CZdHQ.

      1	foo:$apr1$yB1.9vIT$IVVBmq5vMauwsNR8CZdHQ.

      Where ‘foo’ is the username and ‘$apr1$yB1.9vIT$IVVBmq5vMauwsNR8CZdHQ. ’ is the MD5 encrypted password of ‘bar’.
      You can encrypt your password to MD5 using the free tool: MD5Online
   3. Upload the .htpasswd file in a secured directory of your web server which is not live. Also, make sure the file must not be opened using the path, https://yoursite.com/.htpasswd
2. Update the .htaccess file on your website with the below code.
   
   AuthName "Authorisation Required" AuthUserFile "full path of .htpasswd file" AuthType Basic require valid-user ErrorDocument 401 "Authorisation Required"

   1 2 3 4 5

   AuthName "Authorisation Required" AuthUserFile "full path of .htpasswd file" AuthType Basic require valid-user ErrorDocument 401 "Authorisation Required"

Once you have finished the above method, your website users can see a popup while landing to any web page. They need to add user and password to get access to the site.

Hope this is enough to provide access to your website to the limited users and secure it from the unauthorized users. Implement immense security with the above method until you are ready to make your site publicly available.

Isn’t it really easy? If not, don’t hesitate to ask your doubts in the comment section below. Also, vote the article with the 5 stars to keep me appreciated writing such useful tutorials.

Happy Website Protecting