Alternatives to .htaccess for Securing Website Content
The basic tenet of website security is that the site’s data (its content) should only be viewable by authorized visitors.
While most website operators seek the maximum amount of exposure for their site’s content, even on a publicly accessible website there are likely to be sections or pages, often defined as part of the website directory structure, where allowing unfettered access is not desirable — for example, the members’ area of an adult paysite, where authorized access should only come at a price — or an admin area that controls the site.
Adult webmasters have long relied on basic .htaccess / .htpasswd user authentication for this purpose, but a one size solution won’t fill all; such as if running an incompatible OS or server configuration. To offer some alternatives, XBIZ prepared this brief roundup of the most popular ways to secure your website’s content:
The first options you should explore are the ones you already have, such as security tools provided by your web hosting or billing company or cascading software provider.
The former may provide adequate protection for admin areas and documents outside of the web root, as well as for your members’ area with only one payment processor used, while the latter can handle user authentication involving multiple billing partners.
Oftentimes, these systems rely on a PHP frontend and a MySQL database backend.
Sometimes, it’s only an individual page or two located outside of a secure directory that you wish to protect. Here, an alternative method of document security must be used.
Hotlink protection is also important (and easily accomplished within .htaccess), and is a means of ensuring that your site’s files, such as photos or videos, can’t be successfully linked to by other websites — and rather than simply blocking this unauthorized access, you specify the delivery of “substitute” content (such as an advertisement for your site).
Digital Rights Management (DRM) systems, as well as HTML encryption and other code obfuscation techniques come into play; as well as simple “right click disable” codes, offering “streaming only” video feeds, fractal sliced hi-resolution images and other forms of less-easily saved and shared content are also on the table.
It’s a big topic with a lot of facets, so choosing the right approaches will take careful consideration and perhaps a degree of experimentation until you find the best solution — hopefully the company’s most important files won’t become compromised in the process.