Password-Protect iWeb Sites

11 May '08 Filed under Tutorials, iTweak, iWeb -

The ability to password-protect iWeb-Sites is only available to those that publish to .Mac. Even though iWeb does not offer this ability to those who publish to a folder, it does not mean that it is not possible. This tutorial will show you how to easily protect your site with a password and an username.

For this tutorial, we will be using a free application called iTweak. It has been made to simplify such additions to the iWeb application and so it is just perfect to use.

Please note that this tutorial is only available to those who publish to a folder and upload to a server that is capable of running .htaccess files. Please ask your hosting service first before you start this tutorial.

View a the final result (a demo) here or get right started.

  1. As stated earlier, you will have to have downloaded the latest version of iTweak (this tutorial requires at least version 1.4.7). Publish your site from iWeb as well.
    To protect your site, you need to have a password, a username and the absolute path to another file (more on that later).
  2. We will start off with the login data.
    htAccess, the method for the password protection, requires the login data to be encrypted. .
    To encrypt your login data, visit this site. Enter your username and your preferred password into the two provided textfields. For this tutorial I will be using “Hello” as my username and “World” as my password. See this example:

    Click “Create Password” and continue to the next step.

  3. Now you will get a page with your username and you password jammed between two dark blue bars. It should say your username and then a combination of weird letters and symbols separated from the username through a colon.

    Copy this whole encryption and get ready to paste it into iTweak (Shortcut: Apple + C).

  4. Open up iTweak and navigate to the “Security” tab. Tick the option to password-protect your site and in the text-field labeled “Login Data” paste in the encrypted data from the previous step. Make sure you copy/type this password 100% correctly!!!
    You can now type in your username in iTweak as well. Your window should now look something like this:

  5. Now we have to deal with filling the last text-field; the absolute path to the .htpasswd file. There are two options to solve this. Either you can use a file I made to easily get the absolute path (requires a PHP-capable server) or you have to contact your hosting service and ask them about the absolute path.

    » Option A: Go ahead and download this file. Place the file named “info.php” inside the published folder from iWeb. Upload the whole folder (or just the contents, depending on how you like it) to your server. Now visit the file in your browser by typing a URL similar to this:

    http://domain.com/Sitename/info.php

    or if you only upload folder contents then type something similar to this:

    http://domain.com/info.php

    When you view the file you should find a huge blue table outlining all sorts of geeky stuff. Search for “SCRIPT_FILENAME” and to the right of that you will see the absolute path to the “info.php” file.
    Now copy the whole path except for the first slash and the “/info.php” extension:

    » Option B: If you server does not support PHP, then simply contact your hosting provider and ask them for the absolute path to be used inside your .htaccess file. They will know what your talking about.

    In both cases, please note that the path varies from each person! There is no scheme or pattern that you can follow.

  6. Having acquired the absolute path in the previous step, copy and paste it into the provided text-field in iTweak. See this image:

  7. Now choose your published site by hitting the “Choose Published Site” button and then hit “Process Site.” iTweak will now protect your site with the 100% secure .htaccess method. It will create two invisible files that you won’t see in the Finder. If you upload your site to your server by simply grabbing the whole published folder, then thats fine and the protection will work fine. On the other hand, if you just upload the contents of a published folder, then you have to use something like Coda to view invisible files in your Mac and make sure they get uploaded as well!
  8. Done! The next time you publish, simply reuse iTweak to add the protection and your ready to go.
    If you run into any problems, please contact me via email and do NOT use the comments form below.

Looking for iWeb Templates? Check out my huge collection right here.

If you have enjoyed this article and you wish to make a small donation, then feel free to do so by clicking here.

This entry was posted on Sunday, May 11th, 2008 at 9:07 am and is filed under Tutorials, iTweak, iWeb and tagged in, , , . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

25 Comments

  1. Pedro Da Silba posted:
    11 May 08 at 12:46 pm

    Was a bit confuse but then work great! Thanks

  2. trixit posted:
    11 May 08 at 3:58 pm

    Great article Max! It shows that you really care about iTweak.

    My question would be how to protect certain part of your site. Like, lets say, one page or several pages.

  3. Max Karreth posted:
    11 May 08 at 5:43 pm

    Trixit,

    Thats probably gonna get a bit difficult because you’d end up writing the files yourself - so iTweak won’t be any use to you. :-D
    Two options here, either you put those pages you want to protect into a separate site folder OR you drop me mail and ill show you how to protect individual pages. :-D
    Max

  4. trixit posted:
    11 May 08 at 10:57 pm

    I was thinking about doing it through a separate folder. I don’t need the functionality now… I was just curious.

  5. Chris posted:
    28 May 08 at 10:27 pm

    Hi! great little app, but i can’t quite get it to work… doing everything for pwd protection to protect one single site folder. It all seems to work but then it doesn’t accept the password I’ve entered. I’ve tried different user/passwords, and generated the crypted password using different generators on different sites. Any help much appreciated.

    cheers

    c

  6. Chris posted:
    05 Jun 08 at 6:11 am

    Hi Max,

    Is this a problem that can’t be worked around?

    thanks

    c

  7. Max Karreth posted:
    05 Jun 08 at 10:05 pm

    Chris,

    Sorry for not replying to your comment in the first place, I must have skipped it. Would you mind sending me an email with the password you want to use and the crypted version so I can see what is wrong.
    Also, if you upload your site to your server and then activate (under “view” in most cases”) to show invisible files, you see a file named .htaccess and .htpasswd. Rename both to pps.htacess and pps.htpasswd and send them to me as well. The email address is mail at guimkie dot com.

    Thanks,

    Max

  8. Nathaniel posted:
    25 Jun 08 at 3:45 am

    I followed all of the steps in the tutorial, but I am still having no luck. I went through the encryption process and absolute path. I feel that I went wrong in the absolute path step because the extension was d:\\hosting…..then my website information. Could this be a correct address. I also need help with just protecting one web page on the site. Any feedback would be extremely helpful. Thanks.

    -Nathaniel

  9. Max Karreth posted:
    25 Jun 08 at 8:10 pm

    Nathaniel,

    Do you mind sending me a screenshot of this PHP file where you get the path? You can use this email: mail@@@guimkie.com (delete two of the @s - just a spam measure).

    Regards,

    Max

  10. Andy posted:
    30 Jun 08 at 12:43 am

    Hi, I’m having trouble getting this app to work as well. And I think I’m missing a step.

    Do you need to publish the iWeb site to its local folder after any of these steps? Can I copy limited files from the published folder to the server or does the whole site need to be re-uploaded?

    After all of the above steps I’m seeing the invisible .htaccess files in my published folder and uploading them to my server (Using Fetch) and was hoping that this would be sufficient. But I’m not sure what other files iTweak is affecting that need to be replaced through the ftp connection.

    I also copied the .php file up to the server to get the Script_Filename address.

    I’m using iWeb 08 (2.0.3) and iTweak (1.4.5) Fetch (5.0.2) Safari and Firefox, cleaning cache for testing, and the Finder to access the invisible files and navigate to the rest of the published folder. Mac OSX 10.4.11

    My server definitely handles .htaccess protection.

    Thank you for any light can you shed on this.

    - A

  11. Andy posted:
    30 Jun 08 at 1:24 am

    ok, I think I got it working. Sorry for the long comment. But like Chris above, the log-in box will not accept the password I’m using. Any fixes?

  12. Max Karreth posted:
    30 Jun 08 at 10:10 pm

    Andy,

    Yes, if you see the invisible files with Fetch, then go ahead and only upload them. Its just that most people dont see the invisible files and so you have to upload the whole folder. Because you see them, go ahead and upload only the invisible files and all the things you wish.

    For the password. Are you sure you have copied the correct encrypted password? Are you also sure that the path in the htaccess file is correct? Drop me a mail if you have further problems.

    Regards,

    Max

  13. brian posted:
    20 Jul 08 at 3:08 am

    I had no luck trying to get Comcast to tell me the absolute path to the .htpaaswd file. Any advice?

  14. Max Karreth posted:
    22 Jul 08 at 7:12 pm

    Brian,

    They did not tell you the path? I would drop them a call and tell them you need that thing ASAP and since your paying them, you should be at least informed about your path.
    Else, just use the file to get the path.

    Max

  15. Mahbod posted:
    25 Jul 08 at 4:58 am

    Hi Max,

    I have the same problem as Chris. The verification comes up but it doesn’t go through; meaning it doesn’t accept the password/username. I have checked and rechecked and redid the whole process thrice and I even tried choosing different parts of the published folder but still no success. If you have found an answer for Chris, maybe that would help me also. I’d appreciate any help.

    thanks.mahbod.

  16. David posted:
    29 Jul 08 at 9:43 pm

    If I already have a .htaccess file on my sever, used for blocking access to a string of IP’s, is there something I can add to this file to allow password protecting or will the script you wrote add or rewrite what I already have? Thanks for you help and knowledge.

    David

  17. Max Karreth posted:
    30 Jul 08 at 3:33 pm

    David,

    iTweak will directly always create the new file and not add something to an existing one. So what you would have to do is manually edit your htaccess file to include all the contents of the htaccess file that iTweak has made.

    Regards,

    MAx

  18. Peter posted:
    04 Aug 08 at 9:39 pm

    Regarding Setting a Password:
    I followed the iTweak path… and now my site shows it is password protected… BUT whe I enter what I think is the correct password, it does not accept it.

    Is the user name and password I plug into KxS encrypter up to me, or does it have to correspond to some other info (like name of wesite, or my mac permissions etc.)…

    Anyone have any ideas… ironic that my site is now SO safe that even I can’t get in.
    I would appreciate any ideas
    Peter

  19. Max Karreth posted:
    05 Aug 08 at 8:05 pm

    Peter,

    Drop me a email about it. Thanks.

    Max

  20. joemed posted:
    06 Aug 08 at 5:13 am

    Max you rock,
    All the things is try to do with iWeb bring me to you.
    I do need to create one or more individual pages with a password or allow someone to download files. Getting to a page with the files seamed the easiest.

    Please reply
    I use .mac or mobileme account.

    Thanks in advance
    Joe

  21. Max Karreth posted:
    07 Aug 08 at 8:22 pm

    Joe,

    Well what you can do is protect a certain site. You cannot protect individual pages. With iTweak, you can’t do that either and since you are on .Mac, my technique won’t work in any case.

    Though, what I suggest is to simply create an extra site called “Downloads” or something. Protect that one. This is where people can then access the one page (which is inside the downloads site). So on and so forth…

    Max

  22. joemed posted:
    08 Aug 08 at 2:23 am

    What a simple solution. I have not concurred all the options for iWeb. I still do not know the differences of 2 (or more) Sites?

    Thanks for the reply

    Joe

  23. Max Karreth posted:
    08 Aug 08 at 8:31 am

    Joe,

    If you click on the “File” menu in iWeb, you can choose to add a new “page” or a new “site.” That allows you to have two sites. The difference with two sites is that they are separate and are accessible via two different addresses. For example:

    http://web.mac.com/site1/Home.html
    http://web.mac.com/site2/Home.html

    Max

  24. Jori posted:
    14 Aug 08 at 12:28 pm

    Hello! I am trying to password protect a site I’ve done in iWeb, and am not having any luck. Do you happen to know of any issues with GoDaddy? I’m using their FTP server, and am also wondering if the invisible PHP files aren’t getting uploaded also. Thanks for your help!

  25. Max Karreth posted:
    14 Aug 08 at 1:04 pm

    No, GoDaddy should be workin 100% fine. With what application are you uploading the stuff? Cyberduck? Coda? Coda and Cyberduck both offer a feature that allows you to see the invisible files. In most cases it is under the “View” menu item.
    Did you do the tutorial with iTweak 1.4.6? Is the absolute path 100% correct?

    Regards,

    Max

Post a comment:

« Two Videos Back up!

iTweak “Options” Change »