Clients like to see what we are up to, right?

As web developers we need share our progress with our clients as we wok on their new sites, but we only want to share our work with them or a select group users.

That being said you'd be amazed how often the ever busy Google bots crawl their way to one of these staging sites and then, as they were designed to do, index it and then share it with the world!

What brought this thought to mind was, I have a Google Alert set up for the term "Cartweaver" as well as several eCommerce related search terms and frequently I'll get an alert that directs me to a site that is obviously the basic, initial install of Cartweaver.
What is no doubt happening here is a developer is putting this up as a test case for themselves or a client so see - I seriously doubt that they intended for Google to find and index their site at this time however.

So, how do you share your progress with your clients, yet protect it from Google and other uninvited "guests"?

The best solution here is to set the folder on the server that contains your site to be protected and to require a username and password to allow access. If you have a dedicated server this is no problem, and some hosts will set this up for you... but not all. So what do you do if you want to test things on your host server, and allow you client to check progress, but keep the site private and block access for everyone else until you are ready to go live?

A simple User Authentication Method with a "Security Index Page"

Here's a simple set up you can use. You can create a placeholder / log in page and name it as your index page. This page will serve to as you temporary home page. This page will force users to log in to view the rest of the site. During development of your site, just name your home page "home.cfm" (or PHP or ASP) - When you are ready to go live you can eliminate the "security" index page and rename your "home" page to "index". If you do this in Dreamweaver's file view Dreamweaver will even update the links to the home file to index for you so you won't have to worry about doing this manually.

Now what you do is add a log in form to the security index page that will allow users to log in. If the log in is correct they will be automatically taken to the home page and be allowed to browse the site, if not the will be bounced back to the security index page.

What if they are not logged in and manually enter a url for one of the interior pages? Won't they be abe to see the site then?

We can prevent this with a simple validation / relocation script.

We will set a default log in session variable and if a log in is correct this default will be replaced by expected "logged in" value. To prevent access to any pages other than the security index page for anyone not properly logged in we will place code that checks the logged in variable value. If the user is correctly logged in we do nothing and allow access to the requested page, if the value is incorrect we will automatically redirect the user back to the security index page. For ColdFusion we would include this code in the Application.cfm or Application.cfc file, depending on which you are using. For PHP or ASP you will need to include this code at the very top of each page on your site.

Doing this will effectively hide your site-in-progress from prying eyes or Google bots, until you are ready for them to see it, but makes your work in progress easy to see for your clients.

Download the example files here:

• ColdFusion
• PHP
• ASP

Once the site is ready to go live, we delete the index page and rename the home page to index, as mentioned above. Then we delete the included checking code from the site. For Coldfusion, you select the include from you Application file, for PHP you can do a quick search and replace to eliminate the include code.

A note to remember:
It is better if you can secure the site on the server at the folder permissions level, but if this option is not reasonably available to you, this method will do the trick!

Hope you find this helpful!