Shield is a cool module that lets you set up HTTP authentication for your Drupal site if you are running it on an Apache server.
Say you have a development site running on a remote server that can be accessed over the internet and you want it completely hidden from the public. The Shield module provides a closed platform kind of thing by which you can restrict access even to the site’s homepage with a simple GUI configuration.
Without this module you have another GUI option, albeit less useful. You can put your site in maintenance mode for the time you are not developing. But then people can still see the maintenance page and the entire site (anonymous user accessible) while you are developing.
Shield provides a nice PHP authentication mechanism that is easily configurable in the GUI. After you install and enable the module, navigate to
admin/config/system/shield and you’ll be presented with some options. The most important are the credentials you have to set up in order to be able to access your site. You can even restrict command line access to the site by unticking the checkbox.
Additionally, you can specify a custom message you want to present the user in the login box that pops up on the screen. You can pass the credentials as tokens (which for some reason include also the password) but it would kinda defeat the purpose of having the authentication set up.
Please note that the authentication system this module puts in place has nothing to do with Drupal user accounts. If you set up the credentials, you will have to login regardless of what kind of user you are on the site.
There was an another module out there offering similar functionality (HTPasswd protection) but due to the Drupal collaboration over competition mindset that we love so much, the 2 modules are merged into what is now the only proposed solution - Shield. Many thanks to the 2 maintainers of this handy module!