Putting some form of password verification in place for a website can be an essential part of sharing content with accredited users. But how can one validate these credentials as well as where they are stored? The answer: it is with the .htpasswd file. And what is .htpasswd?
This is what you are about to learn in this article, especially if you read it to the end.
What is .htpasswd?
A .htpasswd file is generally used when protecting a folder, file or even an entire website with a password using ‘HTTP’ authentication. It is usually carried out using guidelines within a .htaccess file.
User credentials are often stored on separate lines, and each line contains a username as well as a password. These are separated by a colon (:). Usernames are usually stored in plain text. But passwords are generally stored using an encrypted hashed format.
This encryption is, more often than not, MD5; in Linux, however, it can be based primarily on the crypt () function. Naming the password file with any word or phrase is possible. But experts advise against doing so. This is because Apache is preconfigured to use only .htpasswd by default while ‘dot’ files – i.e. files that begin with ‘.’ – are typically hidden files.
How can you create a .htpasswd file?
You can create a .htpasswd file in several ways, depending on your platform. The easiest method, however, is to visit any of the numerous .htpasswd-creation sites and follow every instruction in order to generate the required entries for a .htpasswd file.
The highly recommended .htpasswd file generator is the one offered ‘htaccesstools.com’ as it is straightforward and precise. Check out the Htpasswd generator.
When you visit the ‘htaccesstools.com’ site, make sure you already have a username in mind. Let’s say you choose the following username: steve123.
Next, you will have to be logged into your server through SSH. How to do this will be discussed in the next section, though you can skip it if you are already familiar with the step.
And finally, execute the command below (you will need to use ‘sudo’ if you are executing this command as a non-root user):
htpasswd – c /home/usernamehere/.htpasswd steve123
You will then be prompted to provide and then confirm a password for this particular user.
But what if you want to add more users, you ask? You can do so by using this command:
htpasswd /home/usernamehere/ .htpasswd newUser2
Checking the contents of the .htpasswd file, you should see something like these:
Steve123:$apr1$FaPCZHMe$jYiw5.9UevKx25pBH4AsT/
newUser2:$apr1$mrCHcVhc$oNdJeRcWKPk2z8dlzQI0x/
bearing these in mind, no one would stop you if you create a script that readily adds a user’s authorizations or credentials automatically to the question What is .htpasswd? file as soon as it is created or approved.
How to connect to your server via SSH
If you are not familiar with how to connect to your Dedicated, Cloud, or VPS server via SSH, this section will show you how. This brief guide will be split into two: the first part will be for those who use Windows or connecting with Mac and Linux.
For Windows
Step 1: You need to install an SSH client on your computer. Use PuTTY (for Windows) and the built-in Terminal for Mac ad Linux operating systems.
Step 2: You need to check your email for a ‘welcome’ message which will also include the dedicated IP. Type in the IP in the ‘Host Name’ field. But if you already have a domain linked with this server, you can use it as well.
Step 3: Next, make sure the port is set to your SSH port, which, by default, is 22. But the port may be different if you have modified it manually already.
Step 4: As soon as you have obtained all the necessary information and entered them into the listed fields, click the ‘Open’ button to start your SSH session.
A new window pops open and asks you for your username/login name and password. The password box will not update even as you type it in. This is an essential security measure.
Press ‘Enter’ to authenticate as soon as your password is typed.
Take note: Have you saved a private SSH Key to your computer, and you are yet to configure it through Cloud Control so that it can be added automatically when you connect to a new Instance?
Then you may need to load the Session you created by doing the following:
Go to SSH > Auth > Browse your computer for your private key. Then, move back to Session and save the settings in order to load your private key. And voila! You are now connected to the server using SSH.
Connecting with Linux and Mac
If you want to connect via SSH from a Linux or Mac computer, you need to open your terminal on your device and use the command outlined below:
ssh username@ipaddress
e.g.:
This opens up an SSH connection, and you will then be prompted to enter your password. Of course, you can seek the assistance of a tech professional if you are facing any challenges with this.
How to block Google bot for no index?
Are you one of those struggling to prevent Google bots from indexing a subdomain or a particular web page on search results? What is .htpasswd? Do you know that you can use .htpasswd to block Google bot for no index? If you don’t, you are about to learn how to block Google bot for no index.
The ‘no index’ is a directive that tells search crawlers – like Googlebot – not to include a particular web page in its search results.
Indexing is the process via which Google crawls or scans the internet for new and relevant content/information. The content is added to the search engine’s library of search-accessible content for perusal by users.
Take note that there is a great deal of difference between ‘no index’ and ‘nofollow’:
- no index is usually applied at page-levels and informs search engine crawlers not to index and then serve a web page in the search results.
- Nofollow is applied at the link or page level and tells a search engine crawler not to follow or discover the links.
Basically, the ‘no index’ tag removes a web page from the search index while a ‘nofollow’ attribute removes a link right from the search engine’s link graph.
Now that you know the difference between ‘no index’ and ‘nofollow,’ the next thing to learn is how to block Google bot for no index.
There are several ways you can stop Google from indexing subdomains which include:
- adding a password using a .htpasswd file
- disallowing crawlers with a robots.txt file
- adding a no index directive to each page in the subdomain.
Let’s concentrate on the first method: adding a password using a .htpasswd file.
If your subdomains are just for development purposes, the perfect option is to add a question What is .htpasswd? to the root directory of the subdomain. The login wall will keep the crawlers from indexing content on the subdomain. It will also prevent unauthorized or unofficial user access.
Examples of such cases include:
- Staging.domain.com
- QA.domain.com
- Testing.domain.com, etc.
Setting up password authentication for a website should not be too challenging.
Now that you know the answer to the question What is .htpasswd? you should be able to use it accordingly.
You can also read How Technology Has Improved During Covid-19….