December 09, 2005
How do I password protect my blog?
Of all the suggestions I receive for desired features on UThink, by far the number one suggestion is the ability to password protect your blog. Well, thanks to the upgrade, this is now possible. However, before we begin I must warn you that for some this will not be easy. Some of you will find these instrutions to be the equivalent of ancient Greek. I will try to do my best to make them as easy to understand as possible. One more thing, these instructions are for PC users only. They may work for the Mac, but I cannot guarantee it. Please let me know if you can get this to work for the Mac platform.
While it would be nice if Movable Type had password protection capabilities built in to its interface, the fact of the matter is it doesn't. So we have to work around that. What we'll be using is the Apache web server's built in capability to password protect a directory. In order to password protect the directory that your blog sits in you must create two files: a ".htaccess" file and a ".htpasswd" file. And yes, you read that correctly, each file name begins with a dot (".").
The trouble with these two files is that you cannot create them with Word or Notepad. You must use a text editor that strips out all the extra encoding stuff that Microsoft wants to put into a file. You may be able to use an HTML editor that you already have on your computer, or you can try to download a free/trial version of a Notepad replacement. I would recommend either EditPad Lite or the free Notepad++. If you aren't sure of what to do, just download Notepad++ and carry on with the instructions below.
With your text editor, create a new file. This will be the ".htaccess" file. It should have the following text:
AuthUserFile /htdocs/blog/[your Internet ID]/[your blog directory name]/.htpasswd AuthName "You gotta log in" AuthType Basic Allow from all Require valid-user
Replace the parts that say [your Internet ID] and [your blog directory name] with your Internet ID and the name of the directory right after your Internet ID in your blog's URL. (You may also want to replace the text "You gotta log in"!) For example, my test blog has the URL: http://blog.lib.umn.edu/snackeru/test/. So, I would create an .htaccess file that looks like this:
AuthUserFile /htdocs/blog/snackeru/test/.htpasswd AuthName "You gotta log in" AuthType Basic Allow from all Require valid-user
Save this file somewhere on your computer where you'll be able to find it again, like your desktop. We will be uploading this file to your blog later.
Now we need to create your ".htpasswd" file. You'll note that this file is referred to in the .htaccess file above. The first thing you'll need to do for this file, though, is generate a username and password. For this task, we will need to use an htaccess password generator because this method requires that your password is encoded into something unrecognizable. Confused? Don't worry about it, just use the htaccess password generator to pick a username and password and follow the instructions below.
Let's say I want to create a username of "goldy" and a password of "gopher." Using the htaccess password generator I might get a line of text that looks like this:
Take your line and in your text editor create a new file and paste that line in. Save your file as ".htpasswd" in the same place as you saved your .htaccess file.
Still with me? You should have two files, a .htaccess file and a .htpasswd file. Now we will upload them to your blog directory. Login to UThink and enter the blog that you want to password protect. Click on "Upload File" in the left hand menu and one at a time upload your two files:
Since you aren't creating a new entry or a link with these new files, just exit out of the next screen. Once you have them both uploaded, go to your blog home page and test it out.
If you would like to see how this works, check out my test blog snackeru playground. Use the username/password "goldy/gopher." Let me know if you have any difficulty.
Now, there is a pretty good chance that you will have difficulty with this or that after you get it to work you may at some point want to take your password protection away (or change your password). In that case, you may want to delete the your .htaccess and .htpasswd files. To delete files on your blog (and view all the files in your blog directory) use the "List Blog Files" tool located in the left hand menu of Movable Type. You may delete files one at a time, or multiple files at once.
Anyway, that is how you add password protection to your blogs, at least for the immediate future. As new plugins are developed for Movable Type we will hopefully be making this process easier. Until then, let me know if this works for you!
UPDATE 3/3/2006: It is also recommended that you alter your RSS 2.0 template if you use the above method to password protect your blog. The RSS 2.0 template has a command that looks for various media you may be uploading to your blog, and the directory level password protection can sometimes cause an error to this function.
To fix this, login into UThink, click on Templates, and then click on the RSS 2.0 template. Find the line that says:
Take it out and rebuild. What this tag basically does is allow for podcasts. If you are password protecting the directory, you have taken away the capability to podcast from your blog anyway.Posted by snackeru at December 9, 2005 10:22 AM