Sometimes it may be necessary to close/limit access to your store website or your store Admin area for security or development purposes. This can be done using htaccess password protection; more info on this is available in Password Protection with htaccess.

If you have read the article, you should already know that the main point here is to create two files called .htaccess and .htpasswd in the directory you want to password-protect. The file .htaccess actually closes access to the directory with a form to submit a login/password combination for authentication. In contrast, the file .htpasswd contains the login/password info that needs to be submitted for authentication.

First, you need to create a .htpasswd file with your login and password; the file content should be like the following:


where mylogin stands for a login authorized to access this folder, and mypassword stands for a password to be used.

Next, to close your whole X-Cart store, you need to place a file named .htaccess into your X-Cart store root directory; the file should have the following contents:

AuthType Basic AuthName "Password Protected Area" AuthUserFile /path/to/.htpasswd Require valid-user

where you should replace/path/to/.htpasswd with the full path to your .htpasswd.

If you need to password protect the store Admin area only, the contents of the .htaccess file need to be as follows:

AuthType Basic AuthName "Password Protected Area" AuthUserFile /path/to/.htpasswd <Files "admin.php"> Require valid-user </Files>

For X-Cart versions and later, it is necessary to allow callbacks from the same domain without authentication. Here is an example of how you can do that:

Require valid-user Order allow,deny Allow from <your server's external IP> Allow from Satisfy any

To find out your server’s external IP, contact your hosting provider support team. As an alternative option, you can obtain the IP by executing the following command on the server (for example, via SSH):

Did this answer your question?