While I was developing sites for my clients, I found it’s better to develop on one of my servers than getting them transferred to preferred hosts. This way, it gives me more flexibility towards the development. Once the job is done, I may have things that I want to check out too. For example, a custom work I did on an eCommerce site – can be accessed from my development server when I later need to. Here comes the problem! These sites are already live on a different hosting and domain. The demo site getting indexed is not what we want. For this issue, I came across a very quick solution with htaccess, which is password protecting the staging/developed site.

First, we need to create an username and password for the site’s htpasswd file. You can easily generate this from here.

htpasswd generator

You will get an encrypted code to use when you click Create .htpasswd file

htpasswd code

Now you will need to create a .htpasswd file in the root directory of the site that you want to protect. For example, the site link is http://example.com/demosite/ You will need to create the file under the demosite directory. Once created, paste the code generated for the file and save it.

The next step is to edit your .htaccess file under the demosite directory. Copy the following code under the existing rules of your .htaccess file

AuthName "message_text"
AuthType Basic
AuthUserFile /path_to_the_site/.htpasswd
require valid-user

Here you will need to change two things. the message_text portion with the message you want to display when the username and password are asked. Next change is for the portion path_to_the_siteHere you will need to enter the correct path of your sites directory. The important thing to remember here, you will need to enter the path starting from the server root. For example, you are running on a centOS installation on your VPS and the site’s directory is on home/user/public_html/domain/demosite/ then you will need to change the line to this

AuthUserFile /home/user/public_html/domain/demosite/.htpasswd

Now, just save the file and try loading the site on your browser. You will see something like the following image if you are browsing on Google chrome


Now everything inside the directory is secured and can not be accessed unless you log in with the correct details. So, no indexing 😀 Let me know your thoughts about this method and if you have better and easy solution for this, feel free to share in the comments.