IIS Password Protect

This topic shows how to set up and manage the IIS Password feature within your WCP control panel.

Updated over a week ago

What is IIS Password?

IIS Password is a module extension / plugin that integrates with IIS to add security to specific folders on a website. For example, if you wanted to prevent public access to a folder on your site named /private, then you could enable IIS Password and require any visitor to authenticate (with a username / password) in order to gain access to that folder.

Since it is built into IIS, once a user successfully authenticates to that folder they’ll be able to access it as long as that session remains active. If the session is terminated, the user will be forced to submit their login information again.

How many users can I create?

By default, the free version of IIS Password is enabled across all of our shared servers (& VPS upon request). This means that each individual domain is limited to a total of 3 users.

What folders / files get created by IIS Password?

IIS Password users are stored in a file named .htpasswd within a folder named secure above the site’s wwwroot directory, as shown in the screenshot below:

Within this .htpasswd file you’ll see a list of any existing users along with an encrypted password, as shown in the screenshot below:

Important Note: If you try manually updating the password here, the user will break and you’ll have to re-create the user. To update the password, follow the instructions listed later in this article.

Also, within any directory that has password protect enabled you’ll see a file named .htsecure, which is what tells IIS that this directory is password protected.

Within this file you’ll see a reference pointing back to the file that contains the list of available users. It also states which users within that file are allowed to access this directory, as shown below:

Note: Please do not remove this file or modify its content, otherwise you may risk IIS Password not working on this directory.
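The layout described above can be checked on a local copy of the site (for example one downloaded over FTP). The following is an added example, not a tool from the hosting provider: it assumes the copy contains the secure and wwwroot folders side by side, and it only checks where the .htpasswd and .htsecure files sit, without reading their contents.

```python
import os
import tempfile
from pathlib import Path

def audit_site(site_root):
    """Audit a local copy of one site; site_root holds 'secure' and 'wwwroot'."""
    root = Path(site_root)
    wwwroot = root / "wwwroot"
    protected, exposed = [], []
    for dirpath, _dirs, files in os.walk(wwwroot):
        names = {f.lower() for f in files}  # Windows file names are case-insensitive
        rel = Path(dirpath).relative_to(wwwroot).as_posix()
        if ".htsecure" in names:
            protected.append(rel)  # folder marked as password protected
        if ".htpasswd" in names:
            exposed.append(rel)  # user file copied inside the web root
    findings = []
    user_file = (root / "secure" / ".htpasswd").is_file()
    if protected and not user_file:
        findings.append("protected folders exist but secure/.htpasswd is missing")
    for rel in sorted(exposed):
        findings.append(f".htpasswd found inside wwwroot at '{rel}'")
    return {"user_file_present": user_file,
            "protected_dirs": sorted(protected),
            "findings": findings}

def build_sample_tree(base):
    """Constructed sample layout (not real data): one protected folder and one
    stray copy of the user file left inside the web root."""
    base = Path(base)
    for d in ("secure", "wwwroot/private", "wwwroot/images", "wwwroot/backup"):
        (base / d).mkdir(parents=True)
    (base / "secure" / ".htpasswd").write_text("placeholder\n")
    (base / "wwwroot" / "private" / ".htsecure").write_text("placeholder\n")
    (base / "wwwroot" / "backup" / ".htpasswd").write_text("placeholder\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = audit_site(build_sample_tree(tmp))
        print("Protected folders:", report["protected_dirs"])
        for finding in report["findings"]:
            print("FINDING:", finding)
```

A folder you expect to be protected that is missing from the protected list, or any finding about a user file inside wwwroot, is worth correcting through the control panel steps below.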

  1. Log in to your WCP control panel.

  2. Once logged in, if you are not already on the control panel page for the domain in question, click on the ‘Hosted Domains’ drop-down at the top of the page’s navigation bar. Then select the desired domain from the drop-down.

  3. Once in the correct domain’s WCP control panel, click on the ‘Password Protect’ icon under the ‘Files’ section.

Manage password protect users

As mentioned in the introduction, this ‘password protect’ feature is limited by default to 3 users, so be sure to create only the users your site needs. You can delete and create users using the steps below:

Create a new user

The steps to get to the ‘password protect’ feature are in the section above. The steps to create a new user are below:

  1. Click on the ‘Manage Users’ button within the ‘Password Protect’ feature.

  2. You should now see a list of existing users (if any). Click the ‘Add’ button to add a new user.

  3. You will now be presented with a form asking for the username and password for this user. This user/pass combo will be used to log in to any password protected folder this user is assigned to. Enter the desired username and password and then click the ‘Save’ button.

Edit existing user’s password

Sometimes you may forget a password you had set for a user. The steps below show how to reset the password for a password-protected user:

  1. Click the pencil icon next to the user you wish to edit.

  2. You will then be able to change the password and click ‘Save’. Note that you cannot change the username. To change the username, you must delete the user and then re-create it with a new name.

Delete existing user

Sometimes you don’t need a user any longer, or perhaps you’d just like to make room for another user by removing an existing one. The steps below show how to delete an existing user:

  1. Click the trash can icon next to the user you wish to delete, as shown in the screenshot below:

  2. You will then be presented with a confirmation pop-up asking if you’re sure you wish to delete the user, as shown in the screenshot below. Click ‘OK’ to confirm the deletion or click ‘Cancel’ to cancel the deletion.

Manage password protect directories

There is no limit to how many directories you can password protect, although as mentioned above you are limited to a total of 3 users with this feature.

Enable password protection on a directory

The steps below show how to password protect a directory within your site.

  1. Click on the ‘Manage Protected Folders’ button within the ‘Password Protect’ feature.

  2. You will now see a list of folders on your site. Using the [+] icon on the folder you can navigate into sub-folders. Click on the name of the folder you wish to enable password protection on.

  3. You can now click the checkbox for ‘Enable Protection’. You will then be able to choose which user(s) you want to assign to this directory.

  4. When satisfied with your selections click on the ‘Save’ button.

  5. The folder should now display a red lock icon to indicate that it’s password protected, as shown in the screenshot below.

Disable password protection on a directory

The steps below show how to disable password protection on a directory within your site.

  1. Click on the ‘Manage Protected Folders’ button within the ‘Password Protect’ feature.

  2. You will now see a list of folders on your site. Using the [+] icon on the folder you can navigate into sub-folders. Click on the name of the folder you wish to disable password protection on. Note: If a directory has password protect enabled, the folder will display a red lock icon.

  3. Now within that folder you can de-select the checkbox for ‘Enable Protection’. Disabling this checkbox will completely disable the password protect feature on this directory.

  4. Once ready, click on the ‘Save’ button to save your changes.
