Password protect your Drupal site with Shield-module
From time to time, there might arise a situation where you want to password protect your Drupal site. Maybe the site is under development, or you just want it to be available to a selection of users.
This is usually done with something called "HTTP Basic Auth", which allows you to password protect a site. This can be done in Apache by modifying the .htaccess file.
There are some great tutorials on how to do this, but this is not the correct way of doing it for couple of reasons:
- It requires editing the core's .htaccess file, which is not recommended
- In multisite environments the .htaccess file is shared with all of the sites, so you can't just install the password protection to one site
The Shield module is a simple module that allows you to password protect your site. All of the configuration is done on the administration interface, so no file editing is necessary. Since it is just a single module, it can be easily applied to just one site in a multisite environment.
Thanks - very helpful tip.
Even better, use it in conjunction with the "environment modules" module (https://www.drupal.org/project/environment_modules). Set up Shield, then disable it again (without uninstalling). It can then be re-enabled only on those sites that need it.
Thanks for sharing. I wonder if the directory itself where Drupal files reside can be password protected under Windows 8 (inside Windows Explorer, or any other file manager), without interfering with the functioning of the Drupal site or Apache.
Thanks for the tip, seems like a useful module especially for multisite. I wouldn't go as far as saying that using basic/digest is incorrect though. I'd argue that most Drupal sites should not be using .htaccess files at all anyway and should configure Apache (or nginx/lighttpd) directly instead for performance, security and simplicity. I tend to think of the .htaccess that ships with Drupal core as baseline for configuration more than anything.
i am recently become a one website Developer that before set a User Password for (Digital Ocean company Hosted) and Drupal 8 is their CMS,
But the problem is i cant find with what method i can remove This Authentication and run this website.
* its first level authentication in Browser and after that is drupal authetication for manage and configuration.
Add new comment