How to password-protect folders

MyGenesis has the ability to password-protect folders in some cases. It can only do this on the Apache web server, when the Apache configuration has been set up to allow .htaccess files and authentication, and when the Apache server is running in one of its standard configurations.

MyGenesis does not include a testing or diagnostic system to automatically determine whether password-protection will work, or to automatically select which of the standard configurations is being used. You need to determine this on your own, by trial and error. Because not all servers support password protection, and because Genesis cannot perform its own automated tests, this feature is disabled by default.

Follow these steps to enable the feature:

  1. Make sure you are running Genesis version or newer.

  2. Login to MyGenesis using the "webmaster" account.

  3. Go to "Admin Page" => "Manage System Settings". Scroll down to "Miscellaneous" => "System Capabilities". There will be four options:

    • No .htaccess/.htpasswd support on this server
    • Standard Apache .htaccess/.htpasswd support
    • Custom .htaccess/.htpasswd support - relative path
    • Custom .htaccess/.htpasswd support - Cobalt Raq4

    The first option, "no support", should be selected by default. Begin by selecting the next button, "standard support", and saving settings.

  4. Go to "Admin Page" => "My Account" and scroll down to the Account Privileges section. Assign yourself "Custom Privileges" and then scroll down to the "Custom: Password-Protect Folder" section and select the privilege "May password-protect folders". Then save settings.

  5. Next, go to "Admin Page" => "Password-Protect Folder". This will open the main interface.

    If you already have an .htaccess file, and it is a format that MyGenesis does not under, then Genesis will not allow you to modify the file. If that happens, you should review your own .htaccess file manually, or create a fresh empty subfolder and use the Password-Protect Folder interface on it.

  6. The first thing you will on the "Password-Protect Folder" is a link to the folder. Click on the link. Are you challenged for a username and password? If you are, then that means this folder has already been protected by some other mechanism. It will not be possible to use MyGenesis to further protect the folder.

  7. Otherwise, select "Restrict access" and enter a username and password like "bob" and "smith". Submit the form.

  8. Return to the main "Password-Protect Folder" interface. Follow the link again. See if you are challenged for username and password and, if so, see whether "bob" and "smith" will work.

    • If you are not challenged, then your web server is not configured to look for and respond to .htaccess files. The "Password-Protect Folder" feature will not work.

    • If you are challenged, but the username and password do not work, then it may be due to the format of the .htaccess file.

      Or, if you receive the error "500 Internal Server Error", then it is definitely due to the format of the .htaccess file.

      In either case, return to "Admin Page" => "Manage System Settings" and try the other two settings for custom .htaccess formats. After selecting those formats, you will need to return to "Password-Protect Folder" and submit the form again so that it will write out a new .htaccess file.

    • If you are challenged and if your username and password work, then congratulations! You have a functioning system. You may now safely grant the "May password-protect folders" privilege to all of your users.

    • If the system will not work, for any of the .htaccess format settings, then your web server is probably running in a non-standard configuration. This feature will not work there.

  9. If you cannot get password protection to work, remember to return to the "Manage System Settings" page and select "no support" for the .htaccess/.htpasswd feature. This will prevent the "Password-Protect Folder" interface from appearing for your users.