Creating a secure password protected area of a web site

We often get questions about how to set up a secure area of a web site which visitors can only enter by entering a user name and password.

For password protection, there are three options. The first isn't very secure, but can be useful enough if you only have one password (or one user) and security isn't especially important. The Password Protected URL Action http://actionsforge.com/actions/view/67-password-protected-url simply ask your for a password and if a page or folder (you can set which) exists, it will take you to it.

The second is more secure, but isn't as easily manageable as the third for multiple users, which is to use HTTP authentication. You would need to get in touch with your web host about this option, as it requires some specific server configuration. More information on how this works and how to use it can be found on the Apache HTTP Server website. http://httpd.apache.org/docs/2.4/howto/auth.html

The third option is the most secure if set up properly and can be as easy or as difficult as you want it to be for user management. This option requires PHP on the web server and would either require PHP coding knowledge or code written by another party. There are several actions available in Freeway that allow you to integrate PHP code into a Freeway website, information on those actions can be found at the following address. http://actionsforge.com/people/view/softpress-support?page=2 (The PHP Actions)

The second option is generally secure enough and with a little PHP, can allow user management from your website.

For SSL encryption, you will need to contact your host so they can set up a SSL protected directory on your server. Note that you will need to use https:// to link to any pages or files in this directory.