Some CE4 plugins include password protection features. These plugins are:
In these plugins, password protection is enabled using options in the Output Settings control pane, pictured below.
To enable password protect in an index or gallery, or in an index or gallery template for CE4 Publisher, you must tick the Enable Password Protection checkbox.
To preview the login screen in Lightroom's Web preview, tick the Preview Login Form checkbox and refresh the preview. Disable the Preview Login Form checkbox to return to the normal gallery view and resume setup.
Enabling password protection will cause galleries to export as PHP documents. PHP documents must be run in a web server environment and cannot be viewed from the desktop, or using Lightroom's “Preview in Browser” feature.
Users logged in as Master will have access to all protected galleries on your website.
Master credentials are intended for use by the site administrator (that's you), so that the website may be browsed freely without the need to memorize numerous, individual client logins for gallery access.
Master credentials should not be shared with clients.
Users logged in as Guest will only have access to specific galleries or gallery indexes into which they have logged in directly.
Guest credentials are intended for use by clients.
See CE4 Publisher documentation …
There are two ways to terminate a login:
?logoutto the end of the gallery URL, i.e.
You may create a logout hyperlink in your gallery navigation or in “the block” content, targeting the the page using relative URL.
Hyperlink target for a link in site navigation:
Markdown syntax for block copy:
HTML syntax for block copy:
CE4 plugins use low-security, script-based password protection. Script-based means that protection is run on the page, and therefore can only protect what is on the page. Protection does not extend to your gallery's /photos/, /thumbnails/ or /resources/ folders, the contents of which can still be accessed directly by URL.
Because these assets can only be accessed by direct URL, however, an infiltrator would need first to know of the assets' existence, and then would also need to know both the name and location of specific assets. This is known as “security through obscurity”.
If you wish to implement stricter security measures, then you will need to implement security at a server level. Such is beyond the scope of CE4 plugins. Contact your host or reference your host's knowledge base on how to do that. We recommend against using server-side password protection for galleries, however, as blocked access to your image galleries will also prevent the auto index from accessing thumbnail images for gallery index pages.
Security through obscurity can be aided by using .htaccess directives to block access to directories on your server containing images. For example, visitors targeting your /photos/ folder would see a “Forbidden” error, rather than the server listing folder contents for download. The directive is:
<IfModule mod_autoindex.c> Options -Indexes </IfModule>
For more information on using .htaccess directives, see our .htaccess reference.
The Turning Gate
Creating webbly, wobbly, Lightroomy things since 2007.