« Previous | Ain't too proud to blog | mail it | Next »


Posted: 08.10.2003
To password or not to password...revisited
I've noticed people wondering how to password-protect an MT blog after dicussion here this week -- and most recently this new AP article.

To my knowledge, there are four ways to do this. I'm opening it up for discussion because there may be other methods -- and I'd love for you to share what works best for you:

  1. The .htaccess and .htpasswd combo (obviously make sure your server is capable of handling these types of files first)
  2. Passwording your site directly through your server's Cpanel -- click on the Web Protect (or similar) icon and follow directions
  3. Using software with cookie-password protection in php -- this web company offers a free version of their software
  4. Scripty Goddess has a restricted post tutorial for Movable Type blogs -- you can see an update on the hack here (this method will password protect certain, but not all, posts on your blog)
Again, if you have other recommendations not listed here -- or better links than the ones I've already given, please speak up and leave them in the comments! Thanks.

UPDATE: Here's another javascript option just mentioned in the comments -- Gatekeeper Password Protection. And yet another script to request access.



Hey boy take a look at me...let me dirty up your mind...



Thanks for sharing these links, Robyn. I've gotten to the point on my blog where I don't write about what's on my mind anymore, so I figure password-protecting a separate blog is probably a good idea.

¤ ¤ credit: Lesa | 08.10.03 at 03:40 PM | link--this ¤ ¤

This is an easy way to password-protect and it's definitely not the safest, but might be the thing for non-MT users. I used the Gatekeeper method when I had a password-protected blog, which is just Java and fairly simple to install. Here's the link:

http://javascript.internet.com/passwords/gatekeeper-in.html

I'd select one of the other methods mentioned, but my former blog was HTML-based and not MT. Now that I'm using PHP, things have changed. It depends on what your server offers.

¤ ¤ credit: Jenni | 08.10.03 at 04:21 PM | link--this ¤ ¤

Thank you, Jenni! -R

¤ ¤ credit: robyn | 08.10.03 at 04:29 PM | link--this ¤ ¤

Ah nice, I was debating what ones would do the job. Thanks for the links! :)

¤ ¤ credit: Shane | 08.10.03 at 04:50 PM | link--this ¤ ¤

I use a combo of .htaccess and PHP on my private blog. I want to let people ask for access and basically manage their own account. I also know that .htaccess is the best way to secure a directory. I found a script at http://www.eastwright.com/internet/register/ that lets users request access, but I have to approve them, and it's free. The other thing I like is that I can see what ip they are logging into the site from as well as how many times they visit. That gives me an idea if they are giving out their login. I went ahead and setup login and register forms on a page to match my site too. Maybe it's overkill for a small private blog, but I like power *evil laugh*.

¤ ¤ credit: Phil | 08.10.03 at 06:11 PM | link--this ¤ ¤

Thanks so much, Phil!

¤ ¤ credit: robyn | 08.10.03 at 06:15 PM | link--this ¤ ¤

Ensim (a software like Cpanel), also allows you to password protect directories by modifying the .htaccess, etc.

Forum softwares all have the ability to password protect forums / approve users.

Has this issue been brought up with the Trotts?

¤ ¤ credit: snore | 08.10.03 at 09:49 PM | link--this ¤ ¤

Just thought I'd chime in, since I've been asked this on the forums quite a few times... For MT users, if you have a single category that you want passworded, this thread has a few solutions. :)

¤ ¤ credit: kristine | 08.10.03 at 11:31 PM | link--this ¤ ¤

FYI: the Cpanel protection is just an automation to handle the htaccess stuff. Another plus to the htaccess protection is that if you run stats with webalizer, it'll often show stats for htaccess authenticated users.

There aren't a whole lot of really good ways to lock down a blog unless you have some sort of access to your host. Folks using free services like blogspot are going to have a hard time.

In the end, probably the BEST bet is to run to separate blogs, and protect one with htaccess and leave the other wide open. This seems like something the Ben and Mena should look into adding to the next version of MT. It wouldn't be too hard to do, but the best bet is to get it in the standard MT install instead of having to muck with the code.

¤ ¤ credit: Pete | 08.10.03 at 11:32 PM | link--this ¤ ¤

Wow thanks so much for posting these (plus thanks to Phil for the bit of extra!!). I want/need to password only some of my posts... :)

¤ ¤ credit: Rachel | 08.11.03 at 03:19 AM | link--this ¤ ¤

if there's anybody who uses ASP or .NET ... you can code directly into the page to look for a password too. either pulling from a database (for user specific content/prefs) or just a general password for all users.

i've done this a lot and would be happy to share snippets of code. email me if you're interested.

¤ ¤ credit: tj | 08.11.03 at 07:14 AM | link--this ¤ ¤




URLs that have pinged me for this entry:



All old ping links have been removed from this blog. Die spammers, die!



Hey pretty, don't you wanna take a ride with me through my world?


Psssssst...pass it on!
email this entry to:


your email address:


additional message (optional):