How to Password Protect Access to Your X-Cart
page last edited on 26 February 2018
Sometimes it may be necessary to close/limit access to your store website or your store Admin area for security or development purposes. This can be done using htaccess password protection; more info on this is available in the article Password Protection with htaccess.
If you have read the article, you should already know that the main point here is to create two files called .htaccess and .htpasswd in the directory you want to password protect. The file .htaccess actually closes access to the directory with a form where you need to submit a login/password combination for authentication, whereas the file .htpasswd contains the login/password info that needs to be submitted for authentication.
First, you need to create a .htpasswd file with your login and password; the file content should be like the following:
where mylogin stands for a login authorized to access this folder and mypassword stands for a password to be used.
Next, to close your whole X-Cart store you need to place a file named .htaccess into your X-Cart store root directory; the file should have the following contents:
AuthType Basic AuthName "Password Protected Area" AuthUserFile /path/to/.htpasswd Require valid-user
where /path/to/.htpasswd should be replaced with the full path to your .htpasswd.
If you need to password protect the store Admin area only, the contents of the file .htaccess needs to be as follows:
AuthType Basic AuthName "Password Protected Area" AuthUserFile /path/to/.htpasswd <Files "admin.php"> Require valid-user </Files>
For X-Cart versions 18.104.22.168 and later it is necessary to allow callbacks from the same domain without authentication. Here is an example for how that can be done:
Require valid-user Order allow,deny Allow from <your server's external IP> Allow from 127.0.0.1 Satisfy any
To find out your server’s external IP, contact your hosting provider support team. As an alternative option, you can obtain the IP by executing the following command on the server (for example, via SSH):
Help make this document better
This guide, as well as the rest of our docs, are open-source and available on GitHub.