Sometimes it may be necessary to close/limit access to your store website or your store Admin area for security or development purposes. You can do it using the .htaccess password protection; more info on this is available in Password Protection with htaccess.
If you have read the article, you should know that the main point here is to create two files called .htaccess and .htpasswd in the directory you want to password-protect. The .htaccess file closes access to the directory with a form to submit a login/password combination for authentication. In contrast, the file .htpasswd contains the login/password info that needs to be submitted for authentication.
First, you need to create a .htpasswd file with your login and password; the file content should be like the following:
mylogin:mypassword
Where mylogin
stands for a login authorized to access this folder, and mypassword
stands for a password to be used.
Next, to close your whole X-Cart store, you need to place a file named .htaccess into your X-Cart store root directory; the file should have the following contents:
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
Where you should replace /path/to/.htpasswd
with the full path to your .htpasswd.
If you need to protect the store Admin area only, the contents of the .htaccess file need to be as follows:
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpasswd
<Files "admin.php">
Require valid-user
</Files>
For X-Cart versions 5.4.0.0 and later, it is necessary to allow callbacks from the same domain without authentication. Here is an example of how you can do that:
Require valid-user
Order allow,deny
Allow from <your server's external IP>
Allow from 127.0.0.1
Satisfy any
Contact your hosting provider support team to find out your server’s external IP. As an alternative option, you can obtain the IP by executing the following command on the server (for example, via SSH):
curl ipv4bot.whatismyipaddress.com
Related pages: