A Guide on Using .htaccess to Password Protect Your Magento Store

Hello Magento pals,

Last time we learned How to Display programmatically created custom options in admin order details in Magento 2.

Today, we will learn an interesting topic How to Password Protect Your Magento Store With .htaccess in Magento 2,

Contents

1 Introduction
2 Reasons why do you need htaccess authentication.
3 Configure Guide
4 Final Words

Introduction

Basically, there is a huge growth in increase on password guess attacks on Magento installations. Sometimes while surfing you might have noticed that you came across any website who is asking for username and password for granting permission to access the website. Mainly, this type of website is containing passwords to protect against the spammers and hackers. To overcome this problem I have came with the best solution in this article.

Reasons why do you need htaccess authentication.

Google can’t index your secure website. Development server must be protected with HTTP authentication.
When some developments are going on and you don’t want to let people access the website.
Restricted access to website/pages/customers or private website.

Configure Guide

Step 1: Firstly, with the use FTP or Cpanel to reach to Magento 2 root folder.

Step 2: Then open the .htaccess file and add following code at top.

AuthName "User: admin. Password: admin123"

AuthUserFile /patch/to /.htpasswd

AuthType Basic

require valid-user

ErrorDocument 401 "Authorisation Required"

Step 3: Create a file with name of .htpasswd in Magento 2 root. If you want to upload password file somewhere else, you can but make sure you mention the path accordingly in above code then.

Step 4: Use this tool

https://hostingcanada.org/htpasswd-generator/
To setup username and password as given in the below image.

Step 5: Lastly open file .htpasswd now and copy paste the user and encrypted password for example

admin:$apr1$74z9mjal$JKvdv4G7GMpIxc/8m.OPh0

Where, admin is the username and $apr1$74z9mjal$JKvdv4G7GMpIxc/8m.OPh0 is the password respectively.

Final Words

That’s it for today! By implementing the given above steps you will be able to complete the protection for your website. You can overcome the problem of attacks by spammers and hackers to your website.

Last but not least, if you found the blog interesting, don’t forget to share with your Magento pals. Feel free to Contact Us if you find any difficulty in implementing the above steps.

Happy Magento Learning!

Click to rate this post!

[Total: 4 Average: 5]

Gaurav Jain

Gaurav Jain is Co-Founder and Adobe Certified Expert-Magento Commerce Business Practitioner. Being Computer Engineer👨‍💻 and possessing Extensive Marketing skills he handles all kinds of customer Queries and his Happy😀 & Helping🙏 Nature makes customer's day Delightful. When he isn’t working, you’ll find Gaurav Reading on Books📖 or Traveling🚗. Also, he is Speaker at Magento Meetups.