Password Protection for PHP Applications
If you need password protection for a PHP+Apache application that does not provide its own authentication then you can use Apache HTTP authentication as an alternative.
Note: this feature is not available for PHP-FPM+Nginx applications. It is only for PHP+Apache and the corresponding symlink app types.
To do so:
- 1
Log into a SSH session as your application's shell user.
- 2
Run the following commands to create the password file. This example will use
myuser
as the shell user name,myapp
as the application name, andwebuser
as the name of the HTTP authentication user.cd ~/apps/myapp htpasswd -c .htpasswd webuser
- 3
Enter the password for
webuser
twice as prompted.- 4
Add the following to your application's
.htaccess
file (if your app does not have a.htaccess
file you can runtouch ~/apps/myapp/.htaccess
to create it):<Files .*> Order Allow,Deny Deny from all </Files> AuthUserFile /home/myuser/apps/myapp/.htpasswd AuthName MyApp AuthType Basic require valid-user
If you need to create additional HTTP authentication users for your application, you can re-run the htpasswd
command without the -c
flag like so:
htpasswd .htpasswd anotheruser