-1

I currently have a live opencart 3.0.2.0 site hosted on godaddy. Since there's a lot of issues with creating a copy of this site to a localhost, (.htaccess,mod rewrites, and seo urls) I want to do this apart from localhosting.

My question is, since ssl certificates run around 70 dollars, is there an alternative security measure that I could implement for this testing site since only myself and maybe two others will be needed to access this?

mcmcphillips
  • 49
  • 7
  • Do you mean another SSL *certificate*? If so, please amend your title. You can get free SSL certificates. You don't want an alternative security solution. The security for the test site should be identical to the security for the production site. Otherwise you aren't testing anything. – user207421 Jan 24 '18 at 01:11
  • Thank you for the clarification @EJP – mcmcphillips Jan 25 '18 at 02:05

1 Answers1

-1

Just place a .htpasswd and a .htaccess in the root folder of your website.

.htaccess

AuthType Basic
AuthName "Forbidden"
AuthUserFile /var/www/website1/.htpasswd
Require valid-user

Create the .htpasswd via the command:

htpasswd -c /var/www/website1/.htpasswd username

In this example the .htpasswd is located next to .htaccess in same folder. This is not considered as a good practice. You should place it outside of the public folder.

common sense
  • 3,775
  • 6
  • 22
  • 31
  • Forgive my lack of understanding on this. but wouldn't that also prevent myself from gaining access to the development site? Also, if I move the .htpasswd outside the root directory, would it still work? – mcmcphillips Jan 24 '18 at 00:57
  • The security for the test site should be identical to the security for the production site. Otherwise you aren't testing anything. – user207421 Jan 24 '18 at 01:12
  • @EJP The SSL layer should be transparent for the application behind. It does not matter if its there or not when testing the functionality. – common sense Jan 24 '18 at 01:51
  • @mcmcphillips With the command you will prompted to enter a password. So next time you visit the test site, you have to enter the username and password. The path to the file can be adjusted in the .htaccess file. If you have no idea what I am talking about please consider to give this task to someone who has some knowledge about server management. – common sense Jan 24 '18 at 01:53
  • This worked fine for me for the test environment that I used it on. I guess this got marked down because I didnt explicitly mention that I wasn't testing security measures. – mcmcphillips Jan 26 '18 at 06:20