Choosing Login and Password Software 

Many online publishers need login and password-protected access to all or part of their website.

Sometimes they need to add it to an existing website.

Other are launching a website for the first time and want to have a protected area from the outset.

The following article is intended to be a useful checklist to help you avoid the many pitfalls of adding login and password protection to a website.


Why do Website Owners Want to Add Password Protection?

The three most common reasons for wanting login and password protection on a website are:


  • The website publisher wants to create a member-only part of a website and charge visitors a one-off or monthly fee to access premium content. There are now thousands of successful paid subscription websites covering just about every subject
  • The publisher wants to restrict access to their content to an approved group of people.  This is usually the case for websites that support offline organisations such as societies, associations, clubs and charities.
  • The publisher wants to only provide access to people who register for their website. This is a common way of collecting email addresses for marketing purposes.

The Top 10 Questions You Must Ask When Buying Login and Password Protection Software


When deciding to add login and password protection software to a website, these are some of the most important points that you should take into account.


Question #1 – How integrated will the login and password protection be with your content management solution?


Tight integration between your content management and login application is critical.

You should be able to easily decide exactly the content each member can see. It should be simple to have different levels of access, for example, bronze, silver and gold, which gives different members access to different content.  This might not be a requirement when you launch, but it is a common requirement for many sites as they evolve.


Question #2 – How well does the password protection integrate with the payment processing?


One of the most common problems that website owners discover is that ‘bolt-on’ password protection software does not integrate well with their payment processing application. This means that they have no way of telling which members have renewed their subscriptions and which should be chased or deactivated. If password protection and payment processing is not integrated, monitoring renewals and deactivating passwords becomes a very time consuming, manual job.


Question #3 – Are you protected against password fraud and multi-login attempts?


Ensure that the software has multiple ways of detecting password fraud.

Password fraud is when a single paying member shares their password with other people or worse, someone steals a password and makes it available to other people, often by posting it on a forum. The login and password protection software should be able to detect more than one person trying to login at any one time, multiple different IP addresses, international logins and other suspicious activity.


Question #4 – Can people get access to your premium content by typing in the URL?


Most login and password protection software packages do not protect against individuals typing the domain names of a protected page directly into the browser to access the private page. Any solution you choose should block URL access to your valuable premium content. 


Question #5 – Can the search engine spiders index the member-only pages, whilst keeping humans out?


The best password protection solutions enable the search engine spiders to get access to the premium content so it can be indexed and searched, but blocks all attempts by humans trying to gain unauthorised access. 

Question #6 - Can you provide visitors to your site with a teaser for each premium page of content, but block the rest of the article?

The best software will allow the publisher to automatically show visitors a teaser for every page of premium content, whilst blocking the rest of the page. 

Showing a teaser, which maybe the first line of each article, is great marketing tool and encourages visitors to become registered subscribers. 


Question #7 – Can you turn off page caching?


When a legitimate member logs into your website and calls up a page of premium content, the page is usually cached on one or more servers around the world.  The next time that someone tries to call up this page, he or she will be able to get access to the cached version of the page. This will mean non-members will be able to get access to your premium content.   You must ensure that you can stop your premium content pages from being cached.


Question #8 – Can members choose their own passwords?


Many password protection applications automatically issue random passwords. They are usually hard to remember so people are forced to write them down, which is a security risk, or will continually forget them. Neither are desirable outcomes for you. You should ensure that members can choose their own password.


Question #9 - Does the application have 'remember me' functionality?


Good websites enable their users to tick a box at registration, so that the next time they visit your website, they are automatically logged in to the members area. This greatly improves the user experience.


Question #10 - Does it have an automatic password reminder feature?


Your login and password box should have a link that enables a user to automatically request a password reminder. If this functionality is not implemented, you will experience a drop-off in logins and ultimately a lower renewal rate to your site.


A Word of Warning


Most login and password protection software providers will NOT make you aware of these issues or explain how you should ensure that your premium content is secure. You must tread carefully when using ‘bolt-on’ applications to your website, particularly when you want to charge for access to premium content. There are a lot of people on the web who know about the loopholes listed above and will exploit your website if you leave any of these doors open.


The Best Solution


The best solutions for ensuring a secure and bullet-proof subscription website is to use a platform that has been built bottoms-up to seamlessly integrate the content management, password protection and membership database. This is your best chance of closing off all the common loopholes, reducing your workload and maximising your revenues. It will also greatly reduce customer service calls and member administration problems, both of which can be monotonous and time-consuming to handle.

If you already have a website, it may be easier and cheaper in the long run to migrate to a fully integrated solution rather than to try and 'bolt-on' a password protection software application.

SubHub provide a fully integrated service that includes everything an online publisher needs to launch and manage a money-making content website. Password protection is fully integrated with the content management and membership database.

To find out more about what SubHub can do for you, click here.