Password Protection for PHP Applications
If you need password protection for a PHP+Apache application that does not provide its own authentication then you can use Apache HTTP authentication as an alternative.
Note: this feature is not available for PHP-FPM+Nginx applications. It is only for PHP+Apache and the corresponding symlink app types.
To do so:
Log into a SSH session as your application's shell user.
Run the following commands to create the password file. This example will use
myuseras the shell user name,
myappas the application name, and
webuseras the name of the HTTP authentication user.
cd ~/apps/myapp htpasswd -c .htpasswd webuser
Enter the password for
webusertwice as prompted.
Add the following to your application's
.htaccessfile (if your app does not have a
.htaccessfile you can run
touch ~/apps/myapp/.htaccessto create it):
<Files .*> Order Allow,Deny Deny from all </Files> AuthUserFile /home/myuser/apps/myapp/.htpasswd AuthName MyApp AuthType Basic require valid-user
If you need to create additional HTTP authentication users for your application, you can re-run the
htpasswd command without the
-c flag like so:
htpasswd .htpasswd anotheruser