Setting Protection Flags and Assigning Passwords

When a new site is created, there is no password protection enabled by default. The administrator must set the protection flag and assign a password.

You should also invalidate the static content cache to enforce its protection; otherwise unprotected content that was already delivered is valid until it expires.

If you change the password, the static content cache must be invalidated to enforce the usage of the new password, otherwise the once delivered content is served until it expires.

  1. To set or change the password:
    1. Select Administration > Sites > Manage Sites > site > Site Status.
    2. Select the Site Status: Online (Protected).
    3. Enter a password in the Username: storefront Password field.

      Specify a password that meets the following requirements:

      • Non-empty string
      • Characters a-z, A-Z, and 0-9
      • There is no minimum or maximum length
      • The password never expires
        Note: If the flag isn't set, the password field can be empty.

      For storefront applications that enforce a mapping between email address and user name, it's a requirement that the login attribute supports any character that is valid in an email address. The following special characters are allowed for usernames and customer logins.


      This allows the use of all supported email address formats as user and customer logins.

    4. Click Apply.
  2. To invalidate static content:
    1. Select Administration > Sites > Manage Sites > site > Cache.
    2. For Instance Type select your instance type.
    3. Click the top Invalidate button in the Cache Invalidation section.
      If you click the second invalidate button, this only clears the pipeline page cache, and unprotected content will continue to be delivered.
    4. Click Apply.