Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By balaftuna on
Hi.
I made up a drupal test site. This site is hosted as a parked domain multi sites configuration.
The site is hosted by HostGator. While CPanel allows me to protect directories, I do not know how to protect a whole site.
I would like the site to be accessible to my co-developers, but invisible to all others.
Any ideas?
Thanks.
Shay.
Comments
htaccess vs Drupal access
Hi,
I don't know the specifics of HostGator's setup, but if you password protect a directory, any subdirectories will be protected as well - so you could password-protect the entire Drupal folder, but I don't know whether CPanel will gracefully add to Drupal's htaccess file, or just overwrite it. And that would affect your other sites as well, so probably not a go-er.
So, another way would be to go to the access control page in the admin section of your Drupal install and uncheck 'access content' for anonymous users. That way, only users with an account on the site can see the site, and no need to mess with htaccess files. The site isn't completely invisible, but unregistered users will only see an 'access denied' page. With a bit of themeing, you can remove any logos, etc, from the access denied page so that there are no clues to the site's purpose.
User Access Settings
Here's one possibility:
That will allow you to create a user account for all of your developers, and it will block anyone from viewing the site without a user account.
Good luck!
@ matkeane, you're too fast for me! :)
guys, thank you very
guys, thank you very much!
appreciated.
hosting control panel lets protect directory but not webroot
My host is like this too.
So my workaround is:
• go ahead and use the controlpanel to protect any sub-directory.
• Go in that directory and copy out of the .htaccess the lines that define the directory security. Likely, these will be the only lines in the file.
• Go up to the webroot and paste those lines in near the beginning of the .htaccess file you find there.
• Use the controlpanel to remove the protection from the first sub-directory. It's not necessary there anymore, the whole site is now protected.
Of course, this is a completely different issue than using Drupal's access control. It's not a Drupal function at all and is not integrated with any of Drupal's users.
But, for people who have a reason to use the webserver's HTTP authentication mechanism, and who have a host that provides flawed tools like this, AND who know just enough about editing .htaccess to feel safe and confident to do this, I hope this helps.