Password-Protect iWeb Sites
11 May '08 Filed under Tutorials, iTweak, iWeb -
The ability to password-protect iWeb-Sites is only available to those that publish to .Mac. Even though iWeb does not offer this ability to those who publish to a folder, it does not mean that it is not possible. This tutorial will show you how to easily protect your site with a password and an username.
For this tutorial, we will be using a free application called iTweak. It has been made to simplify such additions to the iWeb application and so it is just perfect to use.
Please note that this tutorial is only available to those who publish to a folder and upload to a server that is capable of running .htaccess files. Please ask your hosting service first before you start this tutorial.
So let’s get right started!
- As stated earlier, you will have to have downloaded the latest version of iTweak. Publish your site from iWeb as well.
To protect your site, you need to have a password, a username and the absolute path to another file (more on that later). - We will start off with the password.
You cannot just type your password directly into iTweak because it has to be encrypted.
To encrypt your password, visit this site. Then, enter your username and your preferred password. For this tutorial I will be using “Hello” as my username and “World” as my password. See this example:
Click “Create Password” and continue to the next step.
- Now you will get a page with your username and you password jammed between two dark black bars. It should say your username and then a combination of weird letters and symbols separated from the username through a colon. Now copy this encrypted password to your clipboard (Shortcut: Apple + C).
- Open up iTweak and navigate to the “Security” tab. Tick the option to password-protect your site and in the text-field labeled “Crypted Password” paste in the encrypted password from the previous step. Make sure you copy/type this password 100% correctly!!!
You can now type in your username in iTweak as well. Your window should now look something like this:
- Now we have to deal with filling the last text-field; the absolute path to the .htpasswd file. There are two options to solve this. Either you can use a file I made to easily get the absolute path (requires a PHP-capable server) or you have to contact your hosting service and ask them about the absolute path.
» Option A (Choose this one if your server has PHP): Go ahead and download this file. Place the file named “info.php” inside the published folder from iWeb. Upload the whole folder (or just the contents, depending on how you like it) to your server. Now visit the file in your browser by typing a URL similar to this:
http://domain.com/Sitename/info.phpor if you only upload folder contents then type something similar to this:
http://domain.com/info.phpWhen you view the file you should find a huge blue table outlining all sorts of geeky stuff. Search for “SCRIPT_FILENAME” and to the right of that you will see the absolute path to the “info.php” file.
Now copy the whole path except for the first slash and the “/info.php” extension:
» Option B (Only choose this if your server does not have PHP): If you server does not support PHP, then simply contact your hosting provider and ask them for the absolute path to be used inside your .htaccess file. They will know what your talking about.
- Having acquired the absolute path in the previous step, paste it into the provided text-field in iTweak. See this image:

- Now choose your published site by hitting the “Choose Published Site” button and then hit “Process Site.” iTweak will now protect your site with the 100% secure .htaccess method. It will create two invisible files that you won’t see in the Finder. If you upload your site to your server by simply grabbing the whole published folder, then thats fine and the protection will work fine. On the other hand, if you just upload the contents of a published folder, then you have to use something like Coda to view invisible files in your Mac and make sure they get uploaded as well!
- Done! The next time you publish, simply reuse iTweak to add the protection and your ready to go.
Looking for iWeb Templates? Check out my huge collection right here.
If you have enjoyed this article and you wish to make a small donation, then feel free to do so by clicking here.
11 May 08 at 12:46 pm
Was a bit confuse but then work great! Thanks
11 May 08 at 3:58 pm
Great article Max! It shows that you really care about iTweak.
My question would be how to protect certain part of your site. Like, lets say, one page or several pages.
11 May 08 at 5:43 pm
Trixit,
Thats probably gonna get a bit difficult because you’d end up writing the files yourself - so iTweak won’t be any use to you.

Two options here, either you put those pages you want to protect into a separate site folder OR you drop me mail and ill show you how to protect individual pages.
Max
11 May 08 at 10:57 pm
I was thinking about doing it through a separate folder. I don’t need the functionality now… I was just curious.
28 May 08 at 10:27 pm
Hi! great little app, but i can’t quite get it to work… doing everything for pwd protection to protect one single site folder. It all seems to work but then it doesn’t accept the password I’ve entered. I’ve tried different user/passwords, and generated the crypted password using different generators on different sites. Any help much appreciated.
cheers
c
05 Jun 08 at 6:11 am
Hi Max,
Is this a problem that can’t be worked around?
thanks
c
05 Jun 08 at 10:05 pm
Chris,
Sorry for not replying to your comment in the first place, I must have skipped it. Would you mind sending me an email with the password you want to use and the crypted version so I can see what is wrong.
Also, if you upload your site to your server and then activate (under “view” in most cases”) to show invisible files, you see a file named .htaccess and .htpasswd. Rename both to pps.htacess and pps.htpasswd and send them to me as well. The email address is mail at guimkie dot com.
Thanks,
Max
25 Jun 08 at 3:45 am
I followed all of the steps in the tutorial, but I am still having no luck. I went through the encryption process and absolute path. I feel that I went wrong in the absolute path step because the extension was d:\\hosting…..then my website information. Could this be a correct address. I also need help with just protecting one web page on the site. Any feedback would be extremely helpful. Thanks.
-Nathaniel
25 Jun 08 at 8:10 pm
Nathaniel,
Do you mind sending me a screenshot of this PHP file where you get the path? You can use this email: mail@@@guimkie.com (delete two of the @s - just a spam measure).
Regards,
Max
30 Jun 08 at 12:43 am
Hi, I’m having trouble getting this app to work as well. And I think I’m missing a step.
Do you need to publish the iWeb site to its local folder after any of these steps? Can I copy limited files from the published folder to the server or does the whole site need to be re-uploaded?
After all of the above steps I’m seeing the invisible .htaccess files in my published folder and uploading them to my server (Using Fetch) and was hoping that this would be sufficient. But I’m not sure what other files iTweak is affecting that need to be replaced through the ftp connection.
I also copied the .php file up to the server to get the Script_Filename address.
I’m using iWeb 08 (2.0.3) and iTweak (1.4.5) Fetch (5.0.2) Safari and Firefox, cleaning cache for testing, and the Finder to access the invisible files and navigate to the rest of the published folder. Mac OSX 10.4.11
My server definitely handles .htaccess protection.
Thank you for any light can you shed on this.
- A
30 Jun 08 at 1:24 am
ok, I think I got it working. Sorry for the long comment. But like Chris above, the log-in box will not accept the password I’m using. Any fixes?
30 Jun 08 at 10:10 pm
Andy,
Yes, if you see the invisible files with Fetch, then go ahead and only upload them. Its just that most people dont see the invisible files and so you have to upload the whole folder. Because you see them, go ahead and upload only the invisible files and all the things you wish.
For the password. Are you sure you have copied the correct encrypted password? Are you also sure that the path in the htaccess file is correct? Drop me a mail if you have further problems.
Regards,
Max
20 Jul 08 at 3:08 am
I had no luck trying to get Comcast to tell me the absolute path to the .htpaaswd file. Any advice?
22 Jul 08 at 7:12 pm
Brian,
They did not tell you the path? I would drop them a call and tell them you need that thing ASAP and since your paying them, you should be at least informed about your path.
Else, just use the file to get the path.
Max