Monday, August 27, 2007

Google Adsense Site Authentication

by George Halt

How to use .htaccess to allow Google AdSense ads on password-protected pages

One of the challenges with using AdSense has been that users with member-only access sites haven't been able to allow the Google AdSense crawler into their site. That means that if you put Google Ad code on secured pages, the ads that appeared were either irrelevant or Public Service Announcements.

In November of 2006, Google introduced Site Authentication. The purpose was to provide a way for Google AdSense users to create access parameters for the Google Crawler to use that would get it past the security onto their member pages.

However, the instructions on how to correctly use and setup the Site Authentication were vague and unclear. And Google help responses were no better.

Forum post after forum post asked the same questions, and no one seemed to have the answer. I even emailed folks who had posted months ago to see if they had figured it out (and didn't return to follow up the post now that they had their answers). They STILL hadn't found a way to get it to work.

Three of the main questions that I saw were:

1. What do I enter for the Restricted Directory or URL and the Authentication URL if I'm using .htaccess?

2. Whenever I 'Test My Authentication URL' I get an error. What's wrong?

3. I can't see the Site Authentication option in my AdSense Setup screen.

So...after going through all that agony and finally figuring out how to get it to work, I thought I'd document what I did in the hopes that some of you might benefit.

This article is written assuming that you already have a modicum of understanding about how Google AdSense works, and how to secure your website.

This article also focuses exclusively on the .htaccess method of securing your site. It is the simplest and very common. It also seemed to be the one giving folks the most problems.

Setting up your website for login access (skip this section if you already know how to setup your .htaccess and .htpasswd files!)

Before we go into the actual steps of how to setup Site Authentication at Google, let's get the security in place on your pages.

I'm no expert. The power of .htaccess files is lost on me. They are basically simple files that you place in a directory of your domain/website. They can so some pretty amazing things that I won't go into (mostly because I don't understand all of it), but think of it as a set of rules that applies to the directory that you put it in, and all of its subdirectories.

We can use my website as an example. I have a website called It is a strategy guide for a popular online game. The index page is a 'sales' page that highlights the contents. And there is a 'Subscribers Login' link that takes them to the contents page. Obviously, since I am charging people to see the content, the content has to be password-protected. The contents are in a subdirectory of my domain: ''.

Problem: I want people to access the root of the domain, but I want to restrict access to the subscription directory.

Solution: I place a .htaccess file in the subscription directory that points to a .htpasswd (password list) file in the root directory.

The first time a browser requests a page in that directory (or any of its subdirectories), the browser will popup a dialogue box asking for a Username and Password. (The browser then stores that for the entire session so it doesn't popup on every page. But if they close the browser, they will have to login again next time they open a page.)

I won't go into the details about how to create a .htaccess file. You can go to to read all the details, or search Google for '.htaccess to password protect a directory'.

And you can go to to learn about how to create a .htpasswd file. Or just search Google for '.htpasswd encryption' to find numerous sites that do it. (The passwords have to be encrypted using a tool that can be found at that link.)

When you create your password list, create a separate login/password combination for the Google AdSense robot to use!

In conclusion, if you have setup your domain correctly, you have:

a .htaccess file in the directory you wish to protect. It points to a .htpasswd file. a .htpasswd file in an unprotected directory above the protected directory. the login/password combinations (with encrypted passwords) in the .htpasswd file, including a login for the Google AdSense robot. I recommend testing your setup by simply opening a new browser window (to make sure you don't have your login already stored) and navigating to a public file on your site, then trying to navigate to a page in your protected directory. You should get the popup box asking for Username and Password. Test the username/password combination you created for Google...if it lets you see the page, CONGRATULATIONS! You've setup the first part of your security correctly.

Now that you've got your site secured, it's time to tell Google how to get in!

Setting up Site Authentication for .htaccess

Register for Google AdSense with a Google Account. I know that you can create an AdSense account without having a Google account. However, for now, the Site Authentication option will only appear if you log into Google Adsense with a Google account. This means a GMail account! It's still free...maybe a little inconvenient, but not difficult. Go to the 'AdSense Setup' tab. Look for the 'Site Authentication' link under the tab. It appears to the right of Competitive Ad Filter. Click it. Click 'Add a Login'. For the 'Restricted Directory or URL', put in the full path of the directory that has the .htaccess file in it. For my example, that would be For the 'Authentication URL', put the exact same thing as what you put in the Restricted Directory box. Choose 'Plain HTTP (.htaccess)' from the drop-down list. This will automatically create two attributes (username and password). Those are the only two attributes you will need. For username, enter the name that you chose for the Google robot...this must match exactly with what you put in your .htpasswd file. For password, enter the NON-ENCRYPTED password for the Google robot. Do NOT hit 'Test My Authentication URL' yet. Hit Save. The settings are saved, but you'll notice a red X with a Site Unverified under it in the Status column. (unless you've already verified you own the domain).

For the whole thing to work, you must verify that you are the owner of the site. To verify, click the 'verify site' link and follow the instructions. I'll assume that if you've gotten this far, the steps needed to verify the site are easy for you. (You have to either edit a page in your site and add a predetermined META tag, or add a page that Google creates to the directory.)

Technically...YOU'RE DONE!'s the hangup that most people hit without realizing it.

Click 'edit' on the row that has your login and password displayed for your site. It brings up the same Site Authentication page, already pre-filled.

If you hit Test My Authentication URL, you will get an error, if you're using Windows Internet Explorer. You will assume that it's not working, or that you've done something wrong.

What's happening is this:

Google is trying to access the page using an old-school method of passing the username and password directly in the URL. The format for this is:

HOWEVER, Internet Explorer does not permit this format any more. It deems it too unsecure, and doesn't allow the data to pass correctly.

So you end up beating your head against the wall because when you test your Google authentication it comes back with an error.

Take any or all of the following steps to double-check that it's working correctly:

Download Mozilla FireFox or any other web browser besides IE. Log into your Google AdSense site, and test your authentication url from the Site Authentication section. If you can see the site in the window that pops up, you're good to go! Forget the whole 'Test My Authentication URL' and just go to one of your secure pages and manually enter in the username and password that you saved in the Site Authentication screen. If you get in, so can the Google robot! View your Google Ads on the pages once you've set it up. You should see (perhaps after a day or two) ads that are relevant to your content.

I hope that this article helps you get your Google Ads working on your secure site. I can tell you that I had done most things correctly the first time through. I basically had the two questions I listed at the start, and it took me a few days of trial and error and research to figure out how to do it. I'm hoping that you don't have to go through the same frustration.

If you are serious about getting Google Ads to work for you, you definitely should check out the Keyword Elite tool. It can do some pretty amazing keyword analysis to help you drive the most traffic with your ads!

About the Author

George enjoys playing World of Warcraft, and Web Marketing. He combined his hobbies by creating

1 comment:

Anonymous said...

all the time i used to read smaller content which also clear their motive, and that is also happening with this article which I am reading at this

Feel free to surf to my web page :: weight loss tips