Access Restrictions

The construction of a site in a CMS requires a user account with certain privileges. In other words, the CMS imposes access restrictions on creating and developing content. They also help ensure that certain content is not available to the public, which, in the case of a static alternative, is effectively the entire CMS. If you are developing the site on your laptop, say, then you might rely on the fact that your computer is effectively hidden through your router’s firewall, but if you are with a hosting provider, then you will need to specify some restrictions.

We illustrate how to set up access restrictions with particular reference to WordPress and cPanel (link provided for information purposes — you won’t need to download cPanel). In this scenario, you set up a WordPress site using cPanel in the standard way (as shown in a wpbeginner tutorial). The main additional requirement is to restrict access and then, depending on the method chosen, when you run MakeStaticSite, you will need to instruct Wget to use the credentials accordingly. Two methods are described below.

N.B. The second method is considerably more involved and has only been tested with WordPress.

Method 1: Directory Privacy

A basic method is to set up what is referred to as directory privacy. This means that when users try to access the website with a browser, they will be challenged to enter a username and password and/or access will be granted dependent on the Internet (IP) address of their machine. This uses a .htaccess file to specify a username and password or IP address needed to access the directory containing your website. This can be created manually, but it is easier to do this visually in cPanel.

  1. Log in to your host provider’s cPanel
  2. From the dashboard’s Files section, select Directory Privacy. This will open a page with a table of folders.
  3. In the column labelled ‘Current Directory’, navigate to the folder containing your website. Then click the [Edit] button.
  4. In the ‘Set Permissions’ page, check the box for ‘Password protect this directory’ and enter a name for the protected directory. Click on [Save] and the protection mechanism will be installed.
  5. Click on the Go Back link to return to the permissions page.
  6. Under ‘Create User’ enter a username and password. Then [Save].

(More details on this method.)

Then, in the MakeStaticSite configuration, which we will describe later, include the string --user user --password pass in the wget_options parameter, providing your username and password for user and pass respectively.

A separate username and password can be created for each member of the team. It’s a rudimentary method that requires people (or browser) to remember another username/password pair, but it has the advantage of avoiding any processing in web applications.

Method 2: CMS-restricted Access

The second method is to configure the web application (which we refer to as a CMS for sake of convenience) to restrict access analogous to the first method, but here the CMS manages the access, not the Web server. This method is generally more flexible than the first as you can tailor the Web output depending on which user account is being used. For the usual case of creating a public snapshot, the user account should be chosen to have minimal privileges. Typically, we may create a guest account for this purpose.

Apart from creating and setting privileges for the account, the CMS needs to be configured to only allow access to those with valid credentials and/or IP address. For WordPress, this may be achieved using a plugin such as Restricted Site Access. From the Dashboard, select ‘Settings’ followed by ‘Reading’, then as soon as you activate the plugin, access is restricted to account holders and those accessing from designated IPs. To enable access by IP address, in the Reading settings, navigate to the Restricted Site Access section and for ‘Unrestricted IP addresses’ enter the IP address(es) of the machine(s) from where you will be running MakeStaticSite (the button [Add my current IP address] is handy here). Then click on the [Save] button. Note that if your machine is allocated its IP address through DHCP, then you will have to change the setting in the dashboard accordingly.

There is one further prerequisite for WordPress and perhaps other CMS. By default, WordPress includes the Admin bar for logged-in users. This can be disabled for any user using the Dashboard. Simply select Users -> All Users -> and click on the Edit link. Then uncheck the box marked ‘Show toolbar when viewing site’.

Finally with regards to access, to enable support for Method Two in MakeStaticSite, enter the credentials in the relevant username and password fields in the .cfg configuration file. These can be supplied during the setup process. The script will proceed to pass on these credentials to wget, which will crawl a site using session cookies, in the same way as a desktop web browser.

This page was published on 22 November 2022 and last updated on 29 November 2022.