Arthur,
You can setup password protected subdirectories using .htaccess. You need a host that offers shell access. You put a .htaccess file in the subdirectory you want to protect and point to a password file that is above the Web directory root on your host.
This is a solution for static websites that do not use PHP or CSM WordPress. The are pros and cons to choosing this option. It's very solid and as secure as you need. Basic setting uses MD5 hash encryption. Shell hosting is the best deal around at probably about $25 / year including the domain renewal. I use
https://www.nearlyfreespeech.net. The host does not automate any installs, you have to do it yourself or have a web developer do it.
More info on this option, just do a search:
https://duckduckgo.com/?q=authUserFile+ ... tup&ia=web
Here is a quick comparison:
Password access
.htaccess
Static website no Wordpress or other CMS needed. No CPanel required. Once setup, it continues to work at no cost.
- You create a custom .htaccess file and upload it to a subdirectory in your website.
The file will look something like this:
Code: Select all
AuthUserFile /fs2a/mywebsitename/protected/.famtreepasswords
AuthType Basic
AuthName "Family Stewart Tree site"
Require valid-user
Then you take a user and assigned password and encrypt it with MD5 has or something more advanced. There are tools online to take a username and password and convert it for you.
https://www.htaccessredirect.net/htpasswd-generator
You add this line to the .famtreepasswords file. (The file name can be anything you like.)
jstewart:$apr1$qhwx4cyl$V6drVkyrGjTmbdrPD1KE0.
Upload all new .famtreepasswords file.
Now anyone arriving on any page in this sub-directory gets a pop-up request for login. A member, jstewart, can now enter his user name and his password and get past the pop-up enter your password for "Family Stewart Tree site".
Pros:
- It's free to use and does not change your hosting fees.
- Even if someone knows the full link to your family tree area. They still need to login to get through.
- It's very solid, nothing to break and nothing to hack. It only stops working if you make some mistake.
- You can use one or a few group logins, or individual logins and you can turn anyone off easily.
- Any content within the subdirectory or further down is not accessible to the public or to search engines.
- Browsers can remember the password if the user clicks remember me for this site.
Cons:
- Library computer browsers can remember the password, if the user accidentally clicks remember me on a public computer.
- You have to set everything up. It takes perhaps 30 minutes for a web developer to setup and test with a dozen usernames.
- You as the admin are the only person who can add a user. There is no online automated way to do this.
- Either you or your web support person is support. This is DIY.
====
By comparison, WordPress plugins do offer all sorts of nice, interactive membership versions, where the user can create their own login, the admin can make access invitation only, approve members, or other features. Management varies per the plugins.
The user usually just deals with email that have custom confirmation links to setup their membership. Logout is also more automated so if the user leaves access on a public computer, it will time out.
However, WordPress membership features are probably hackable. WordPress certainly has security issues. A WordPress site cost varies. If you set up WP yourself on a host with a shell account, then running WordPress is either part of the monthly fee you are already paying, or with the host I use, mentioned above, they add $1/ month for running LAMP stack PHP with MySql. Then you can run whatever you like. Wordpress, Joomla, Druple or a custom site with any backend. Unless you host your own server, converting to Wordpress for membership feature is the either DIY or paying a web engineer and then about $15 to $60 per year extra host fees.
Hope this is interesting and not too confusing. I know it's very techy. Ha!