Password protect your Drupal site with Shield-module

From time to time, there might arise a situation where you want to password protect your Drupal site. Maybe the site is under development, or you just want it to be available to a selection of users.

This is usually done with something called "HTTP Basic Auth", which allows you to password protect a site. This can be done in Apache by modifying the .htaccess file. 

There are some great tutorials on how to do this, but this is not the correct way of doing it for couple of reasons:

  • It requires editing the core's .htaccess file, which is not recommended
  • In multisite environments the .htaccess file is shared with all of the sites, so you can't just install the password protection to one site

The Shield module is a simple module that allows you to password protect your site. All of the configuration is done on the administration interface, so no file editing is necessary. Since it is just a single module, it can be easily applied to just one site in a multisite environment.

Comments

Drupal User's picture
Drupal User
Tue, 07/15/2014 - 20:54

Thanks for sharing. I wonder if the directory itself where Drupal files reside can be password protected under Windows 8 (inside Windows Explorer, or any other file manager), without interfering with the functioning of the Drupal site or Apache.

Thanks for the tip, seems like a useful module especially for multisite. I wouldn't go as far as saying that using basic/digest is incorrect though. I'd argue that most Drupal sites should not be using .htaccess files at all anyway and should configure Apache (or nginx/lighttpd) directly instead for performance, security and simplicity. I tend to think of the .htaccess that ships with Drupal core as baseline for configuration more than anything.

Add new comment