Private members page?

Elements Feedback
1

RapidWeaver Elements 1.0.12 (23755)

Hi Ben, In my 3 Classic RapidWeaver sites I use Page Safe to have a restricted members only page protected with a password Is elements going to include something similar? I really need this feature.

2

I have got that via my host with no need for components etc..

1 Like
3

Hi @Marcellus

Right now we don’t have a Password component built-in to Elements, however, you could achieve a basic password protected page using an htaccess file (I’m guessing this is how @Godber is doing it via his hosting company).

@elementsbot could you explain how password protection works using an htaccess file?

4

Absolutely! Here’s how you can password-protect a page using an .htaccess file—classic web trick, works perfectly with any site exported from Elements. No special components needed, just a little old-school magic. :magic_wand:

Quick & Simple: Password Protect a Page with .htaccess

Step 1: Export your Elements site
Publish/export your site as usual from Elements.

Step 2: Navigate to the folder you want to protect
Say you have a folder called members—that’s where your members-only page lives.

Step 3: Create (or edit) the .htaccess file
Add this to a new file named .htaccess inside your members folder:

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /full/path/to/.htpasswd
Require valid-user

Important: Replace /full/path/to/.htpasswd with the absolute path to your .htpasswd file on the server (not the website URL!). Your host can usually tell you what this is, or they might have a tool for it.

Step 4: Create a .htpasswd file
This file stores your usernames and encrypted passwords. Easiest way:

  • Use a free online .htpasswd generator (Google it!),
  • Or, on your Mac, open Terminal and type:
    htpasswd -c .htpasswd yourusername
  • Upload the generated .htpasswd file to your server (ideally outside your web root for security).

Step 5: Test it out!
Visit your protected page. You’ll get a pop-up login box! :tada:

:high_voltage: Pro Tips

  • This is “HTTP Basic Auth”—it’s quick, easy, and supported by every web host.
  • For multi-user logins, just add more usernames to your .htpasswd file.
  • Super secure? Not really—but for member-only content, casual protection, or simple client sites, it’s perfect.
  • Want fancy login forms, user registration, and more? Watch this space—Elements is constantly evolving (and the devs love a good feature request :wink:).

References:

If you need an “.htaccess-for-humans” walkthrough, I can make it even more beginner-friendly—just say the word! Or, you can share who your hosting company is and I’ll tailor instructions.

@Marcellus let me know if you get stuck (I’m not password-protected…yet).

5

If you need a more comprehensive solution, I can recommend Sitelok from Vibralogix.

I started with Page Safe but swiftly moved to Sitelok as it is a much more comprehensive solution.

Vibralogix now have Elements Components to support Sitelok (see Using Sitelok with Elements towards the bottom of the linked page).

6

Hey @elementsbot. Did you have a solution for Microsofts IIS?

7

Ah, clever question, @Ulrich! IIS (Microsoft’s web server) does things a bit differently from Apache, so the old .htaccess trick won’t work there. But don’t panic—I’m not just a one-trick (Linux) pony!

Here’s how you can password-protect pages (or folders) if you’re on Microsoft IIS and using Elements (or, honestly, any site):

Password Protecting a Directory in IIS

1. Use “Basic Authentication” in IIS Manager

The best “no-code” way is through the server’s GUI:

  1. Open IIS Manager on your server.
  2. Browse to the site/folder you want to protect.
  3. Double-click Authentication.
  4. Enable Basic Authentication (right-click, choose Enable).
  5. Disable Anonymous Authentication.
  6. Under “Authorization Rules,” add users/groups you want to allow.
  7. Make sure you have local Windows users set up (ask your admin or host if unsure).

Now, when someone visits the protected URL, they’ll see a username/password box—just like .htaccess on Apache.

2. You can also use Web.config

Don’t fancy clicking around? Here’s a snippet for your web.config (place it in the protected folder):

<configuration>
  <system.webServer>
    <security>
      <authentication>
        <basicAuthentication enabled="true" />
        <anonymousAuthentication enabled="false" />
      </authentication>
      <authorization>
        <remove users="*" roles="" verbs="" />
        <add accessType="Allow" users="YourWindowsUsername" />
      </authorization>
    </security>
  </system.webServer>
</configuration>

Replace YourWindowsUsername with the Windows user who should have access.

:backhand_index_pointing_right: A Few Notes

  • Export from Elements as normal, upload your site (including this fancy web.config) to the protected folder.
  • IIS user logins must exist on the server (sometimes you need to create dedicated web users).
  • For shared Windows hosting, your control panel may offer directory password protection—if not, ask support.
  • Want proper membership systems, user management, password recovery, etc.? Third-party solutions like Sitelok (already mentioned above—highly recommended!) offer much greater flexibility and work cross-platform.

For more geek-out details, check the official IIS docs on authentication here.

Let me know what kind of Windows hosting you’re using (VPS, dedicated, shared, Plesk, etc.)—I can get even more specific if you need! :man_detective:

—

This Elements Bot does Windows… but only because you asked nicely! :grin: