Join 3,442 readers in helping fund MetaFilter (Hide)


How to password protect a web site?
July 17, 2007 11:35 PM   Subscribe

I only want some specific people to be able to read my family website, so I have a two-pronged website password protection question.

I would like to password-protect a website run by Wordpress. It shouldn't be indexable or searchable or even readable to anybody who doesn't know the password I'd send out to the people who would read it-- basically a family blog, for just the family and friends to read.

First, ideally the front page should just have one password field to fill out, and then they'd click okay and be able to do everything like it wasn't password protected-- no special user page or anything, which is what I get when I sign in to Wordpress with a "subscriber" account.

Second, I'd like for people to only have to fill in the password box once. It'd be nice if their putting in the right password would approve their IP address to read it, so every time they came back on that computer it'd skip right to the normal web site.

So, all that family or friends would have to do to read it would be to have the address bookmarked and enter the password once.

Are either of these things possible, and if so, what's the easiest way to do them? Failing that, any other possibilities are welcome.
posted by freddymungo to Computers & Internet (10 answers total) 10 users marked this as a favorite
 
Basic Authentication has the benefit of allowing access in the form:

http://user:pass@yoursite.com

If you set this up using .htaccess, you could fill out the username and password and give your friends and family the link with the username/password already entered. No one else would be able to access the site and the people you gave the link to would never need to enter the password.
posted by null terminated at 11:39 PM on July 17, 2007


Don't tie authentication to an IP address. If any of your intended users are on dynamically assigned IP's, Bad Things will happen. Use a cookie, just like Mefi does.
posted by flabdablet at 11:49 PM on July 17, 2007


I use Filezilla so the tutorial lost me at creating the .htpasswd file. Other than that, it seems to be just what I'm looking for...
posted by freddymungo at 11:50 PM on July 17, 2007


This is a great thread. I'm also trying to set up a blog that is only visible to certain users, but the password-per-post method seems fairly inelegant.

I know that Vox has better privacy controls than does WordPress, but Vox's UI is kind of...dumb looking.
posted by KokuRyu at 11:58 PM on July 17, 2007


freedymungo: There are a few online tools that will generate the data needed to put in the .htpasswd file.

Here's one.


That will let you generate a username and password pair. If you copy that into a file named .htpasswd and make sure the htaccess file points to it, it should work.
posted by null terminated at 12:00 AM on July 18, 2007


Another helper site. One more.
posted by null terminated at 12:02 AM on July 18, 2007


@null terminated

Hasn't IE had inURL user:pass login disabled since 2005? Not that I'm an IE user, but freddymungo's family/friends could be.
posted by dance at 1:31 AM on July 18, 2007


It looks like there are a few Wordpress plugins that do add this feature, basically by taking advantage of the user-level feature that is built into Wordpress (but easy to overlook). This one seems pretty flexible. You can restrict certain categories to certain user levels, which seems like the easiest "fire and forget" method.
posted by adamrice at 6:49 AM on July 18, 2007


Hasn't IE had inURL user:pass login disabled since 2005? Not that I'm an IE user, but freddymungo's family/friends could be.

Yep it's been disabled for a long while. See this page for their explanation. You can re-enable it with a registry hack (described on the page) but I don't think that's advisable for his target audience :)

As for original question, you could always use LiveJournal or something similar; it allows you to restrict posts to groups of users, and already takes care of the whole authentication thing for you. I have a feeling they may even support using your own domain name, if that's what you're after.
posted by jon4009 at 6:54 AM on July 18, 2007


dance: Thanks, I didn't know that. Nevermind then.
posted by null terminated at 7:54 AM on July 18, 2007


« Older What can I do to make laser ha...   |  I'm 6' 5" and wear an 18 ... Newer »
This thread is closed to new comments.