The ability to password-protect iWeb-Sites is only available to those that publish to .Mac. Even though iWeb does not offer this ability to those who publish to a folder, it does not mean that it is not possible. This tutorial will show you how to easily protect your site with a password and an username.
For this tutorial, we will be using a free application called iTweak. It has been made to simplify such additions to the iWeb application and so it is just perfect to use.
Please note that this tutorial is only available to those who publish to a folder and upload to a server that is capable of running .htaccess files. Please ask your hosting service first before you start this tutorial.
View a the final result (a demo) here or get right started.
- As stated earlier, you will have to have downloaded the latest version of iTweak (this tutorial requires at least version 1.4.7). Publish your site from iWeb as well.
To protect your site, you need to have a password, a username and the absolute path to another file (more on that later). - We will start off with the login data.
htAccess, the method for the password protection, requires the login data to be encrypted. .
To encrypt your login data, visit this site. Enter your username and your preferred password into the two provided textfields. For this tutorial I will be using “Hello” as my username and “World” as my password. See this example:
Click “Create Password” and continue to the next step.
- Now you will get a page with your username and you password jammed between two dark blue bars. It should say your username and then a combination of weird letters and symbols separated from the username through a colon.
Copy this whole encryption and get ready to paste it into iTweak (Shortcut: Apple + C).
- Open up iTweak and navigate to the “Security” tab. Tick the option to password-protect your site and in the text-field labeled “Login Data” paste in the encrypted data from the previous step. Make sure you copy/type this password 100% correctly!!!
You can now type in your username in iTweak as well. Your window should now look something like this:
- Now we have to deal with filling the last text-field; the absolute path to the .htpasswd file. There are two options to solve this. Either you can use a file I made to easily get the absolute path (requires a PHP-capable server) or you have to contact your hosting service and ask them about the absolute path.
» Option A: Go ahead and download this file. Place the file named “info.php” inside the published folder from iWeb. Upload the whole folder (or just the contents, depending on how you like it) to your server. Now visit the file in your browser by typing a URL similar to this:
http://domain.com/Sitename/info.phpor if you only upload folder contents then type something similar to this:
http://domain.com/info.phpWhen you view the file you should find a huge blue table outlining all sorts of geeky stuff. Search for “SCRIPT_FILENAME” and to the right of that you will see the absolute path to the “info.php” file.
Now copy the whole path except for the first slash and the “/info.php” extension:
» Option B: If you server does not support PHP, then simply contact your hosting provider and ask them for the absolute path to be used inside your .htaccess file. They will know what your talking about.
In both cases, please note that the path varies from each person! There is no scheme or pattern that you can follow.
- Having acquired the absolute path in the previous step, copy and paste it into the provided text-field in iTweak. See this image:
- Now choose your published site by hitting the “Choose Published Site” button and then hit “Process Site.” iTweak will now protect your site with the 100% secure .htaccess method. It will create two invisible files that you won’t see in the Finder. If you upload your site to your server by simply grabbing the whole published folder, then thats fine and the protection will work fine. On the other hand, if you just upload the contents of a published folder, then you have to use something like Coda to view invisible files in your Mac and make sure they get uploaded as well!
- Done! The next time you publish, simply reuse iTweak to add the protection and your ready to go.
If you run into any problems, please contact me via email and do NOT use the comments form below.
Looking for iWeb Templates? Check out my huge collection right here.
If you have enjoyed this article and you wish to make a small donation, then feel free to do so by clicking here.
Was a bit confuse but then work great! Thanks
Great article Max! It shows that you really care about iTweak.
My question would be how to protect certain part of your site. Like, lets say, one page or several pages.
I was thinking about doing it through a separate folder. I don’t need the functionality now… I was just curious.
Hi! great little app, but i can’t quite get it to work… doing everything for pwd protection to protect one single site folder. It all seems to work but then it doesn’t accept the password I’ve entered. I’ve tried different user/passwords, and generated the crypted password using different generators on different sites. Any help much appreciated.
cheers
c
Hi Max,
Is this a problem that can’t be worked around?
thanks
c
I followed all of the steps in the tutorial, but I am still having no luck. I went through the encryption process and absolute path. I feel that I went wrong in the absolute path step because the extension was d:\\hosting…..then my website information. Could this be a correct address. I also need help with just protecting one web page on the site. Any feedback would be extremely helpful. Thanks.
-Nathaniel
Hi, I’m having trouble getting this app to work as well. And I think I’m missing a step.
Do you need to publish the iWeb site to its local folder after any of these steps? Can I copy limited files from the published folder to the server or does the whole site need to be re-uploaded?
After all of the above steps I’m seeing the invisible .htaccess files in my published folder and uploading them to my server (Using Fetch) and was hoping that this would be sufficient. But I’m not sure what other files iTweak is affecting that need to be replaced through the ftp connection.
I also copied the .php file up to the server to get the Script_Filename address.
I’m using iWeb 08 (2.0.3) and iTweak (1.4.5) Fetch (5.0.2) Safari and Firefox, cleaning cache for testing, and the Finder to access the invisible files and navigate to the rest of the published folder. Mac OSX 10.4.11
My server definitely handles .htaccess protection.
Thank you for any light can you shed on this.
- A
ok, I think I got it working. Sorry for the long comment. But like Chris above, the log-in box will not accept the password I’m using. Any fixes?
I had no luck trying to get Comcast to tell me the absolute path to the .htpaaswd file. Any advice?
Hi Max,
I have the same problem as Chris. The verification comes up but it doesn’t go through; meaning it doesn’t accept the password/username. I have checked and rechecked and redid the whole process thrice and I even tried choosing different parts of the published folder but still no success. If you have found an answer for Chris, maybe that would help me also. I’d appreciate any help.
thanks.mahbod.
If I already have a .htaccess file on my sever, used for blocking access to a string of IP’s, is there something I can add to this file to allow password protecting or will the script you wrote add or rewrite what I already have? Thanks for you help and knowledge.
David
Regarding Setting a Password:
I followed the iTweak path… and now my site shows it is password protected… BUT whe I enter what I think is the correct password, it does not accept it.
Is the user name and password I plug into KxS encrypter up to me, or does it have to correspond to some other info (like name of wesite, or my mac permissions etc.)…
Anyone have any ideas… ironic that my site is now SO safe that even I can’t get in.
I would appreciate any ideas
Peter
Max you rock,
All the things is try to do with iWeb bring me to you.
I do need to create one or more individual pages with a password or allow someone to download files. Getting to a page with the files seamed the easiest.
Please reply
I use .mac or mobileme account.
Thanks in advance
Joe
What a simple solution. I have not concurred all the options for iWeb. I still do not know the differences of 2 (or more) Sites?
Thanks for the reply
Joe
Hello! I am trying to password protect a site I’ve done in iWeb, and am not having any luck. Do you happen to know of any issues with GoDaddy? I’m using their FTP server, and am also wondering if the invisible PHP files aren’t getting uploaded also. Thanks for your help!
My web site is hosted on my hown Mac and used the “Web sharing” of Mac to do it. The file of my web site are located in my directory /Users/username/Sites/
Is it possible to protect my site with a password using iTweak. If it is possible, what is the absolute path where I have to save the file .htAccess and .htPassword.
If it is not possible, How can I protect my site ?
Hi,
Thanks for you response. Yes, I am using the websharing and that work fine because the people that have the address can visit the web site. I am trying your suggestion but, unfortunately, password protection is still not working.
First, when I used the info.php I only get (with both safar and firefox) which seems to be the content of the file itself when I open it with a Text editor.
I tried several directories for the .htpasswd file (/Users/username , /Users/username/Sites, try to figure out where apache server is install on my mac …) without any success for the moment. Note that each time I moved the .htpasswd file, I change manually the line AuthUserFile in the .htaccess file (which is located in the directory of the site I want protect). If I understand the Apache documentation, this line must tell where the .htpasswd is located.
I am still searching … and, if I finaly found the solution I will be happy to post a message here to inform some other people.
By the way this tutorial is very great and if any one have some idea to solve my problem, fill free to inform me.
regards,
XiaoWei.
Hi,
It is me again.
I finally solve my problem (needed to read a little of Apache documentation first). Using the machintosh websharing it is also possible to protect an iWeb site via .htaccess and .htpasswd files.
As explain in the tutorial, you can create this two file using itweak. The absolute directory for the .htpasswd file can be wherever you want on your hard drive (just remember that the .hpasswd file must not be accessible via the net – see the tutorial – therefore, I choose /Users/username directory for the absolut path.). After beeing created by iTweak, move the .htpasswd file into the chosen directory.
It is not yet finish. You must allow apache to access the .htaccess file and .htpasswd file. To do so, edit your apache config file “username.conf” which is located into /private/etc/apache2/users/ directory on Leopard (I do not know if it is the same for Tigger).
Change the line “AllowOverride none” by “AllowOverride AuthConfig”
Now it must work
Thanks again for the nice tutorial.
Hi Max!
I started from zero and in 2 weeks with the help of iWeb 2.0 and your’s I’ve managed to create a great site for my magic club.
Now I have to password protect some part of my site (the secret is essential in illusionism!) and I red already about the idea of creating another site and password protect this. This is ok but not perfect cause I’d like to publish some web magic lessons to be accessed only to those who passed some examination and some real lessons.
So these are my 2 problems:
* Password protect single pages (I’m ready to study some HTML coding or something if that is not a huge work. Hard is fine, huge is too much) and I’d like to find some sort of guide to do this.
* For each section to be protected to create a list of username and passwords allowed so that some users can access some pages and not others. In your tutorial is explained how to create only one user and one password. Is there a way to have multiple passwords?
Thank you in advance!
Berok
Thank you very much for your help!
I will try this as soon as possible: my site ( http://www.bartolomeobosco.net if you ever wish to visit to see the implementations I already did thanks to your tutorials) is growing fast and I am a little overloaded
Anyway you suggested CODA to edit the files.
Can I also do this with my favourite cyberduck? (Obiouvsly downloading, editing and then uploading the files)
Should I edit these files every time I add something to the site or I have just to update the file just when I add a new page to protect?
So the snippet:
Require user NAME
is meant to protect the page FILE.HTML? Or the whole site?
And NAME is a name of an user? So I protect that page and only that user can access? Or the whole user list can access respectively with their username and pwd?
Thank you so much!
Berok
Hey Matt, I’m having a problem with my password not taking. I have double checked it and the absolute path. I am trying to password protect one site within my domain and have the .htaccess and .htpassword within those files. The absolute path, I believe, is for the whole domain, not specifically one of the two websites I have. If you could help, that would be great.
Thanks,
Mark
Hi Max,
Could you show me how to password protect certain pages of my website? I host with Lunar pages, not .mac server.
Thank you.
Hi Max,
Somehow even by reading thru all above I cant get the protection to work. When i upload the info.php file in my mobile me webspace in the map of the right site and then try and open it thru the webbrowser, all it does is downloading the same file to my computer.
What am i doing wrong?
Thanx a lot
Do you know if you could have homepage viewable, but when they navigate any other buttons it than promps for password? Thanks Mark
We are trying to set up a password encoded website using itweak.
I have been following the instructions from this site;
I’m not sure what we are doing wrong, but when we try and open our web site the passwords don’t seem to work. When it eventually opens the website is is incomplete with text out of alignment and none of the pictures working. Can you suggest where we may be going wrong?
Your awesome I tried that for half a year on my other site which i wrote in html and css instead of iWeb but nerver was able to do it because I wrote the forst / in the path
(((((((( and the same with the contact field tutorial ur awesoem !!!!!!!!!!!!
Can someone tell me a web server I can use fror free and how to upload the folder, I have done all of the steps but I am stuck on step VI. I am sort of new to mac and I am really stuck.
Help me!!!
Hi Max,
I went through each step slowly and can’t figure out why I can’t get this password protection working. I am not even getting my .htaccess file up to the site with cyberduck. I have the settings to view hidden files and I can’t see them. I guess I am missing something somewhere… I went through the process of getting the login data and uploading the php file to get my absolute path and all entered into itweak then choose my published site and then processed it… uploaded it with cyberduck and nothing!
what am I doing wrong?
Thanks greatly,
Julia
Hey Max,
I’m trying to protect my site using your tutorial (haven’t finished yet, have to wait for my provider to give me my absolute path), and you say it is impossible to protect a part of your website (a few pages for instance). But on the same time a part of this website is protected: http://guimkie.com/iwebdemos/passwordprotectiwebsite/
Am I right, or am I just mistaking? If I’m right, can you tell me how you did that? If I’m wrong it just confirms I’m still a internet n00b
Thanks,
Harm
Did Brian ever find out how to get the absolute path from Comcast?
Does this system allow visitors to sign up to my website then view any content on my pages? or is it mainly to keep the website private? (i.e. admin and such things)
Any help would be appreciated.
Elliot
Thanks for the help on this tutorial it worked great, I tried for two days to get the .htaccess to work and your tutorial fixed my issue in no time. Thanks
Question, I need my users to my site to log in every time after their browser has closed. I don’t want the password saved in their browser. How can I fix this if possible.
Thanks for any suggestions
Need help…
My password did’nt work (or login) but i’m sure they are correct !
I create a mini-site (a private space) inside my website (public space) ;
So my absolute path looks like : blablabla/blabla……………/blabla.html/.htpasswd
Is the problem coming from .html ?
Hey Max how do I upload my site folder with the file info.php if i usually publish my site from iWeb clicking on Publish Site?
I tried to do this, but got stuck on the step to get the absolute path. The info.php did not work. It came back to say “you are not authorized to view this site”. I then called the host (comcast) and they said they “no longer support absolute paths or passwords”. I’m not sure the person I was speaking with understood what I wanted. She checked with her supervisor and that’s who said that they do not support “absolute paths”. Is there anything else I can do? Thanks!!
Hi There,
I keep hitting the same wall: I’ve followed the tutorial verbatim, and keep getting an Internal Server Error after I am prompted for a username and password!
I have at home a server from Synology and a Imac with Snow Leopard
Ik have try the info.php in my root but I think the absolute path is not wright. Every time page not found. I hope you can help me
Jacobus
Hi,
I tried emailing and searching the comments for an answer to this question first, but to no avail.
I just wanted to know where the published site folder is that I’m suppose to choose from itweak? If I’m publishing my site via iWeb, the only real file there is for the site is the domain file which is not clickable through the “choose published folder” option.
Can anyone help me out with this?
Thanks,
Steve
Alright, I figured out my last problem, and followed the directions to the “T”. The site is up but doesn’t prompt me for a user name/psswrd.
I’m going to forge ahead and try to figure this out on my own but if anyone can help that’d be awesome!
Thanks!
Figured it out. But now it’s only prompting me for a psswd to see the movie I have on my 2nd page, but not the entire site! All I have to do is hit cancel and enter the site. that’s weird.
im having a hell of a time getting this one to work.
Would you mind having a look at my files please. I’ve been over and over but im doing something wrong. I can see the htaccess and psw files
i’ve used filezilla
host: redchilidesign.net
psw: redchili
psw:vadger
public html/password/password
all the files are in there. I half got it working once but when i logged in it didnt go to the site. Now the pasword isnt coming up. Any help would be appreciated
Clint
Steve did you get it to work… If so what host are you using and how did you create a folder…
better to use video tutorial to see the real or live instruction.
Hi Guys,
Hope you are well.
I’m trying to install a password protection on my iWeb site. I have created a handful of sites on iWeb and they are all hosted with GoDaddy.
I have found what my absolute path for the .htaccess is, but am coming to a dead end when doing step 7. in the iTweak Tutorial ie. when hitting the ‘Choose Published Site’ button. When I click this ‘Choose Published Site’ button, there is only one file sitting in the iWeb folder on my hard drive which is the domain file, which is not clickable through this ‘Choose Published Folder’ option. (having the same problem that Steve originally had)
Are you guys able to help me out with this please?
I only want the password protection on one of my iWeb websites and not all of them and not sure if I can do this seeing as they are all hosted with GoDaddy and have the same absolute path under this hosting account.
Many thanks and look forward to hearing from you.
Cheers,
Heidi
Thanks for the post. Really enjoyed it
Hi,
I’m having the same problem as Heidi. Can anyone please help us?
Thank you
Heidi and Rasmus, I don’t think you can block only 1 site on a shared host like Godaddy unless you have the sites hosted on separate IPs.
Hi,
I want to protect one of the pages of my site. Where do I have to place the ‘info.php’ file? Not in the folder of the entire site, right? Because that way it will protect the whole site. So I guess I have to place it in the folder (page_files) of the page I want to protect. But I tried this, and it’s not working…
Hope to hear from you soon.
Thanks!
Harm
Hi,
I have the same problem with the protection of my website as many of you in your responses . When I enter the adres of my website in my browser the pop up shows up where I can fill in my username and password. But when I enter the correct username and password, as I made on http://www.kxs.net/support/htaccess_pw.html, it doesn’t accept the password. I’m sure that I enter the correct password.
I couldn’t find the solution to this problem here and I send a email to Gumkie, but no reaction.
I hope someone here can help me to figure this out.
Many thanks already!
Greetings Elena