Security – Knowledge base – ScalaHosting
https://www.scalahosting.com/kb
All useful information for hosting, billing and sales in one place - ScalaHosting Blog
Mon, 20 Feb 2023 13:08:48 +0000

How to Password Protect Your Site?
https://www.scalahosting.com/kb/how-to-password-protect-your-site/
Thu, 01 Jul 2021 06:20:06 +0000

You could control access to your website or sensitive sections using password protection.

Passwords help keep private and sensitive information safe, providing the first line of defense against unauthorized access and malicious intent.

Luckily, setting up password protection for a website or subdirectory is pretty straightforward, and you could do this using two files—the .htaccess and .htpasswd files.

So, let’s examine how.

Setting Up the .htpasswd File

The .htpasswd file stores the usernames and passwords for accessing the page. Most web server software like Apache uses the file to verify users via HTTP authentication.

It stores one username and password per line, delimiting the username and password with a colon. The file can also store passwords in encrypted form to keep them safe and away from prying eyes.

Here’s how to create the .htpasswd file, encrypt your passwords and store them in the file.

Step 1: Log into SPanel’s User Interface.

The default login URL is https://yourdomain.com/spanel (don’t forget to replace yourdomain.com with your actual domain name).

Step 2: Open the File Manager

On SPanel’s homepage, scroll down to the FILES section and click File manager.

Step 3: Create the .htpasswd File

In the home directory, click the New File/Folder icon and select New File.

Create a new file named .htpasswd and save.

Step 4: Encrypt Your Password

You can create an encrypted password using some free online tools like AskApache HTPasswd Generator.

To get started, open the free tool in a new tab and enter the username and password you wish to use to access the page in the username and password fields, respectively.

Select Basic as the Authentication Scheme, ignore the other option and click the Generate HTPASSWD button to encrypt your password.

Step 5: Save Your Encrypted Password in the .htpasswd File

If you selected “all” as the Encryption Algorithm, the tool would generate five encrypted passwords. Please scroll down to the digest algorithm, the most secure of the five, and copy it to your clipboard. 

Go back to the .htpasswd tab, paste the encrypted password into it, and click the Save button.

Please note that you can only sign in to your protected area with the plain text password, not the encrypted password—the encryption only protects the password from unauthorized use.

Setting Up the .htaccess File

After setting up the .htpasswd file in your home directory, you’ll need to add a .htaccess file to the directory or subdirectory you wish to password protect. 

The .htaccess file is a server configuration file that lets users make quick changes to their server settings. It configures the server only for the directory it’s in. 

So, if you wish to password-protect your website, then you’ll need to add the file to the domain’s root directory (public_html). 

But if you intend to protect a subdirectory, for instance, www.domain.com/intranet, then open the root directory and place the file in the “intranet” folder.

Because it is a server configuration file, any error or misconfiguration in the .htaccess file will affect your website.

Follow these steps to set up the .htaccess file. 

Step 1: Open Your Web Directory

Open the File Manager and navigate to the folder you wish to password protect.

Please select the public_html folder if you wish to password protect the entire website, as explained earlier, or open it and select a subdirectory folder.

Step 2: Create the .htaccess File

In the folder, click the New File/Folder icon and select New File to create the .htaccess file if the file is non-existent in that folder.

Please name the file .htaccess and save the changes.

Step 3: Add Your Code

Now, to password-protect the directory with the username and password you saved in the .htpasswd file, add these lines of code to your newly created or existing .htaccess file.

AuthType Basic
AuthName "protected area"
AuthUserFile /full/path/to/.htpasswd
require valid-user

Here is what each of the lines means:

  • The AuthType defines the authentication type the server will use. “Basic” authentication is adequate for website password protection.
  • The AuthName specifies the username and password box title that pops up when visitors visit the restricted page. You could use other AuthNames like “Restricted Area,” “Password Protected,” or any that appeals to you.
  • The AuthUserFile defines the full path to the file that holds your username and password, ending in .htpasswd. The line tells the server where to find your .htpasswd file. You could contact our support if it’s difficult identifying the file path.
  • The require valid-user line tells the web server who can access the restricted page. Kindly replace valid-user with user followed by the username you saved in your .htpasswd. For instance, if your username is “Admin,” then the line should be require user Admin, and it’s case sensitive.

Now, save your code and exit the file manager. You could visit the restricted domain or page to confirm that password protection is working as expected. 

Sign in to your restricted area using your username and password. Of course, always use the plain-text password to log in, not the encrypted version.
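A check you can run over the two files once they are saved, as an added example that is not part of the original article or of SPanel: it labels the hash scheme of each .htpasswd line and flags the .htaccess mistakes that commonly break this setup. The web root /home/user/public_html, the sample file contents and the hash strings are constructed placeholders.

```python
import re


def classify_hash(line):
    """Return (user, scheme) for one .htpasswd line, judged by its prefix."""
    parts = line.strip().split(":")
    user = parts[0]
    # user:realm:32-hex is the htdigest layout that AuthType Digest reads;
    # AuthType Basic expects user:hash.
    if len(parts) == 3 and re.fullmatch(r"[0-9a-f]{32}", parts[2]):
        return user, "htdigest"
    value = ":".join(parts[1:])
    if value.startswith("$2y$"):
        return user, "bcrypt"
    if value.startswith("$apr1$"):
        return user, "apr1-md5"
    if value.startswith("{SHA}"):
        return user, "sha1-unsalted"
    return user, "crypt-or-plaintext"


def audit_htaccess(text, webroot="/home/user/public_html"):
    """Return findings for the four directives used in the article."""
    d = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            d[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    findings = []
    if d.get("authtype", "").lower() != "basic":
        findings.append("AuthType is not Basic")
    if re.search("[\u201c\u201d]", d.get("authname", "")):
        findings.append("AuthName uses curly quotes instead of straight quotes")
    path = d.get("authuserfile", "")
    if not path.startswith("/"):
        findings.append("AuthUserFile is not an absolute path")
    elif path.startswith(webroot.rstrip("/") + "/"):
        # A password file under the web root may be downloadable.
        findings.append("AuthUserFile is inside the web root")
    req = d.get("require", "").split()
    if not (req == ["valid-user"] or (len(req) >= 2 and req[0] == "user")):
        findings.append("Require should be 'valid-user' or 'user <name>'")
    return findings


# Constructed samples: placeholder hashes and paths, not real credentials.
HTPASSWD = [
    "admin:$2y$10$PLACEHOLDERPLACEHOLDERPLACEHOLDER",
    "editor:$apr1$PLACEHLD$PLACEHOLDER",
    "legacy:{SHA}PLACEHOLDER=",
    "digestuser:protected area:" + "0" * 32,
]
BAD = """AuthType Basic
AuthName \u201cprotected area\u201d
AuthUserFile /home/user/public_html/.htpasswd
require Admin
"""
GOOD = """AuthType Basic
AuthName "protected area"
AuthUserFile /home/user/.htpasswd
Require user Admin
"""

if __name__ == "__main__":
    for entry in HTPASSWD:
        print(classify_hash(entry))
    print("BAD :", audit_htaccess(BAD))
    print("GOOD:", audit_htaccess(GOOD))
```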

Need Support?

We understand password protecting a website or subdirectory could be challenging. 

So, if you run into issues setting up one, or you have questions, then reach out to our support, and we’ll be available to help.

How to Connect to Telnet via Mac Terminal?
https://www.scalahosting.com/kb/how-to-connect-to-telnet-via-mac-terminal/
Tue, 29 Jun 2021 06:45:40 +0000

Of course, you need to be in front of your server before running commands.

You can connect to your server remotely and run commands over the internet using programs like Secure Shell (SSH), which uses an encrypted channel, and Telnet.

This article guides you through connecting to your remote computer via Telnet on your Mac computer, but first, let’s understand the protocol and how it works.

So let’s dive into it.

What’s Telnet?

Like SSH, Telnet allows people to connect to a remote computer over a TCP/IP network. 

It lets users administer a server remotely through a Telnet server, manually return a result from a web server, or test or troubleshoot servers, including mail servers.

Telnet is less secure than SSH because it doesn’t use any form of encryption, but users can employ other methods to secure its communications.

How Telnet Works

Telnet utilizes a virtual terminal connection to provide users with a bidirectional text-oriented communication system.

Telnet client software lets users make connections to a telnet server (remote host). When connected, the client becomes a virtual terminal, allowing users to communicate with the remote server from their computers.

The client also lets users log in to the remote host as guest or public without setting up an account with the remote host.

Most operating systems come with in-built command-line telnet clients.

You could use these clients by opening your computer’s command line (like the Terminal app for Mac, DOS prompt for Windows, and the shell for Linux) and running this command:

telnet host port

And remember to replace ‘host’ with the service address and ‘port’ with the service’s port number.

Connecting to Telnet via Mac Terminal

You can connect to a server on its telnet port in two ways – let’s examine them.

Secure Connection Via SSH

As explained earlier, Telnet doesn’t offer any form of encryption, but you could telnet securely on your Mac computer by connecting via SSH.

To get started, go to Applications > Utilities > Terminal to open the Terminal app, then select New Remote Connection from the Shell menu.

Enter a hostname or IP address in the last field of the New Connection window and click the Connect button. 

Of course, don’t forget you’d need to have an account on the remote host before logging in.

Enter your password when prompted, and don’t fret when you don’t see your keystrokes—the system hides them for security purposes.

Now save your settings by clicking the + sign under the Server column.

Input your server hostname or IP address and click OK.

Please enter your user ID and click the Connect button to get it done.

Unsecure Connection

To connect to Telnet without SSH access on a Mac computer, go to Applications > Utilities > Terminal to open the Terminal app.

But do note that non-secure connections are susceptible to malicious interceptions.

However, to proceed with the connection, type telnet host port at the command prompt, replacing ‘host’ with the hostname, service address, or IP address, and ‘port’ with the appropriate port number.

Enter your connection password and username when prompted. 

You could run telnet -help at the command prompt to get a list of the available parameters the command can receive.

Anytime you wish to exit the connection, hold the CTRL + ] keys, then type quit and press the Enter key on your keyboard.

Wrapping It Up 

If a connection fails while trying to access some service, kindly contact the service provider for the correct service address or IP address and port.

But if you have questions relating to establishing telnet connections, reach out to our support, and we’ll be glad to assist you.

What Is My Support PIN?
https://www.scalahosting.com/kb/what-is-my-customer-number/
Tue, 29 Jun 2021 06:40:52 +0000

ScalaHosting provides all customers with a Support PIN code. This PIN is useful for identity verification when contacting ScalaHosting. You may be requested to provide your Support PIN when renewing domain names, buying new services, or for some support requests.

You can find your Support PIN by logging in to your ScalaHosting Client Area and navigating to My Details -> Account Details. The PIN is the four-digit number located at the top of that page.

What is mod_security and Should I Use It?
https://www.scalahosting.com/kb/what-is-mod_security-and-should-i-use-it/
Fri, 25 Jun 2021 07:38:01 +0000

Organizations need all the help they can get to protect their systems and online assets. The rate of malicious attacks and requests against web apps has made securing online assets increasingly necessary.

The latest Annual Bad Bot Report shows that automated attack bots generated a quarter of all web traffic in 2019, rising 18.1 percent from the previous year. Humans account for only about 62 percent of all internet traffic.

The report shows that financial services (47.7 percent), education (45.7 percent), IT and services (45.1 percent), marketplace (39.8 percent), and government (37.5 percent) received the most hits.

Most of the bad bots impersonated Chrome browsers to bypass scrutiny. How do you protect your systems from these attacks? Let’s take a look at mod_security and what it does.

What’s Mod_Security?

Mod_security is an open-source web application firewall (WAF) that safeguards websites and web applications against many threats and automated bot attacks.

It establishes an external security layer that protects web-based software programs, detecting and preventing attacks like cross-site scripting and code injection before they reach the application.

The module is invaluable for protecting websites running on content management systems (CMS), for example, WordPress or eCommerce applications like Magento.

Though most servers have in-built firewalls, mod_security plays a complementary role to offer complete security to web applications.

How Does Mod_Security Work?

Network firewalls safeguard servers from malicious traffic at the network level but cannot filter malicious requests against web applications because they often mimic legitimate web traffic.

Mod_security works best at handling malicious requests at application layers. It’s a rule-based web application firewall that works in the background.

The firewall monitors incoming web requests in real-time to identify malicious traffic by comparing the requests to a list of rules. 

It searches for patterns that match attacks such as SQL injections, cross-site scripting, session hijacking, and more, blocking the connections before they reach the application.

The Open Web Application Security Project (OWASP) curates the most popular free ruleset in common use today. The Core Rule Set includes rules that protect web applications against a wide range of threats.

The ruleset can also protect against the OWASP Top Ten—a frequently updated list of the most common threats.

Why You Should Use It

Mod_security helps protect your system against common web-based threats. It works in real-time to filter malicious activities. The module complements your network firewall to keep your application safer.

The module’s rule engine helps protect against:

  • Cross-site scripting (XSS)
  • Session hijacking
  • SQL injection
  • Bad user agents
  • Trojans, and others

Wrapping It Up

Mod_security is a toolkit for real-time intrusion detection and prevention. It works in the background, comparing every page request against various rules to filter out seemingly malicious traffic. Users can adapt and extend the rule language to fit their needs. 

This flexibility makes mod_security capable of:

  • Real-time application security monitoring
  • Virtual patching because of its reliable blocking capabilities
  • Full HTTP traffic logging, including raw transactional data
  • Web application hardening by selectively narrowing down the HTTP requests you accept

Scala Hosting regularly updates its mod_security rules to deal with threats as they arise.

What is a web.config File?
https://www.scalahosting.com/kb/what-is-a-web-config-file/
Thu, 10 Jun 2021 13:34:33 +0000

The web.config file can generally be seen on systems that make use of Windows hosting. It is a configuration file that helps guide the Internet Information Services (IIS) and ASP.NET modules. The file allows quick universal configuration changes to be made to entire servers.

You can modify the web.config file to behave in different ways for each directory you place it in. Multiple copies may exist, each in its unique location (directory).

If a web.config file does not exist you can create one from scratch. Use the File Editor from your web hosting control panel and create a plain text file. Edit the contents and save it as “web.config.”

Some uses of the web.config file include:

  • URL redirection
  • Hotlink protection
  • Directory password protection
  • Establishing custom error pages

If you do not wish to use the web.config file, many settings can alternatively be configured in your Plesk control panel.

Redirect HTTP to HTTPS Automatically
https://www.scalahosting.com/kb/redirect-http-to-https-automatically/
Thu, 10 Jun 2021 13:33:25 +0000

Secure Sockets Layer (SSL) certificates help keep websites and visitors safer by encrypting data during browsing sessions. If you have implemented your SSL certificate, it is also advisable to redirect all HTTP requests to the HTTPS URL.

Redirecting HTTP to HTTPS can be done in several ways:

Using the .htaccess File

The .htaccess file is a high-level server configuration file that is very useful, for example, in redirecting URL requests. To redirect HTTP to HTTPS using this file:

  1. Access your web hosting control panel and launch the File Manager.
  2. Find and open the .htaccess file for editing. You can usually find it in the “public_html” directory or the main directory for your website.
  3. Add the following code to the file:

RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?yourdomain\.com
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

  4. If the file does not exist, create a new file and add the following code:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?yourdomain\.com
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

Save the file as .htaccess when exiting the editor.
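To see which requests the three directives above actually redirect, this added example (not code from the article or from Apache) models them in Python over constructed requests. STRICT_CONDS is an assumed tighter variant, and the function and sample names are illustrative.

```python
import re

# The article's conditions, as (server variable, regex) pairs.
CONDS = [("SERVER_PORT", r"80"),
         ("HTTP_HOST", r"^(www\.)?yourdomain\.com")]
# Assumed tighter variant: anchored port, case-insensitive host (like [NC]).
STRICT_CONDS = [("SERVER_PORT", r"^80$"),
                ("HTTP_HOST", r"(?i)^(www\.)?yourdomain\.com")]
RULE = (r"^(.*)$", "https://www.yourdomain.com/$1")


def redirect_for(host, port, path, conds=CONDS, rule=RULE):
    """Return (status, location) if the rule set redirects, else None.

    Modelled behaviour: consecutive RewriteCond lines are ANDed; each
    pattern is an unanchored, case-sensitive regex; in .htaccess the
    RewriteRule pattern sees the path without its leading slash; a bare
    [R] flag sends a 302. Query strings are not modelled here.
    """
    env = {"SERVER_PORT": str(port), "HTTP_HOST": host}
    for var, pattern in conds:
        if re.search(pattern, env[var]) is None:
            return None  # one failed condition leaves the request on HTTP
    relative = path[1:] if path.startswith("/") else path
    match = re.search(rule[0], relative)
    if match is None:
        return None
    return 302, rule[1].replace("$1", match.group(1))


# Constructed requests: (Host header, server port, path).
REQUESTS = [
    ("yourdomain.com", 80, "/shop/cart"),
    ("www.yourdomain.com", 443, "/"),
    ("yourdomain.com", 8080, "/status"),
    ("WWW.YOURDOMAIN.COM", 80, "/login"),
    ("parked-alias.example", 80, "/"),
]


def coverage(conds):
    """Evaluate every constructed request against one set of conditions."""
    return [redirect_for(h, p, path, conds) for h, p, path in REQUESTS]


if __name__ == "__main__":
    for req, a, b in zip(REQUESTS, coverage(CONDS), coverage(STRICT_CONDS)):
        print(req, "| article:", a, "| strict:", b)
```

Any request that comes back as None is served over plain HTTP, so hostnames and ports the conditions do not match need their own rule.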

Using WordPress

If you are using the WordPress CMS, its built-in URL redirector lets you send all HTTP requests to HTTPS URLs.

  1. Log in to your WordPress administration dashboard
  2. Hover over “Settings” on the left navigation bar, then click the “General” option.
  3. You will need to update the “WordPress Address (URL)” and “Site Address (URL)” fields to include HTTPS. For example, if your URL is “http://www.yourdomain.com,” you should change it to “https://www.yourdomain.com.”

Note: In some instances, the URL area may be uneditable. This disabling of the edit box means you will not be able to make the amendments via the WordPress dashboard but need to edit the WordPress database tables instead.

Why HTTPS is Important

Many search engines are now enforcing the use of SSL certificates. Visitors will see warning indicators when attempting to access websites that are not HTTPS certified. At the same time, search engines also consider HTTPS as part of their search ranking algorithms.

You do not need a commercial SSL certificate in most cases. Non-commercial websites that do not handle user data can use a free SSL certificate from Let’s Encrypt. ScalaHosting offers free SSL and also makes commercial SSL certificates from GeoTrust and Symantec available.

Account Management
https://www.scalahosting.com/kb/account-management/
Thu, 10 Jun 2021 13:26:36 +0000

ScalaHosting offers a unified dashboard called the “Client Area” you can use for account management purposes. It allows you to handle almost everything related to your web hosting account, from handling billing to new service procurements or reaching out to the support team.

This Client Area consists of the following segments:

  • Client Area Home
  • My Details
  • My Services
  • My Domains
  • Support
  • Billing (Invoices)
  • Referral Program
  • Order New Services

Changing Your Personal Information

The “My Details” area includes all the details you provided to ScalaHosting when creating your account. If you need to update any information, this is the link you will use. It is advisable to keep your personal information updated to ensure uninterrupted service for your account.

The most important thing to note on this page is the Support PIN located at the top. When requesting assistance from customer support, they may request that you furnish them with this PIN.

Managing Web Hosting and Domain Names

You can get quick overviews of the services and domain names under your account from either of these two tabs. Clicking on the dropdown menu next to each, you will see various options, including management.

These shortcuts offer an easy way to quickly access features such as nameserver management, registrar lock, or even renewal.

Getting Assistance

If you need help, you can access the ScalaHosting team via the Support tab. This link opens the ticketing system you can use to submit a tracked support request for your query. It also allows more streamlined assistance since you can directly choose the relevant department (e.g., Support, Sales, Billing) for your needs.

Responses to support tickets submitted via the ScalaHosting ticketing system are prompt. There is a 15-minute average response time for all submissions. This tab also gives you access to ticket status, showing details such as submission time and date for easy tracking.

Keeping Track of Billing

The billing area includes detailed records of your entire transaction history using the account. ScalaHosting believes in transparency, and all transactions, including invoices, refunds, and canceled services, are included.

Order New Services

ScalaHosting offers a wide range of services, and customers often use multiple services under the same account. To make things easier, you can quickly apply for new services via the “Order New Services” link.

What is a Dedicated IP?
https://www.scalahosting.com/kb/what-is-a-dedicated-ip/
Thu, 10 Jun 2021 13:25:46 +0000

A dedicated IP is a unique IP address assigned to your web hosting account. Only you have the right to use it, and, unless you decide to change it, it stays the same for as long as the account is active. To understand why this is so important, you need to look at the alternative.

On a shared hosting account, you, along with multiple other users, all use the same physical server. Although a shared account can get a dedicated IP, by default, everyone on the server uses the same internet protocol address. By contrast, if you opt for a VPS solution you get an entire virtual server to yourself. This means you also have your own IP that only you will use.

Advantages of Using a Dedicated IP Address

If you share an IP with other people, your service is dependent to a certain extent on what other people are doing. For example, if another user on the same shared server starts sending spam, global filters might intercept it and blacklist the server’s IP. This means that your email communication will also be affected.

With a dedicated IP, you are solely responsible for your IP address’ reputation, so you can expect much more reliable email deliverability.
