We are running 1.3.1 right now. I made a copy of our live install so that I can test the upgrade to 1.4. What do I need to do so that the license is suitable? In theory it's exposed, but since only myself and another admin know that it exists, it's not really like we're trying to run two boards on one license.
You won't get caught running it for 5 minutes to test the upgrade process. But its easier to ip protect than password protect, as using htaccess password protection has a couple of steps. IP not so much.
Assumes an apache server, place this in the .htaccess file on the dev site with your IP instead, can add additional:
Deny from all
Allow from 100.100.100.100
How many installations can I make with a single license?
Each license permits you to install the software once. However, you may create a single additional test installation for testing purposes only. Any test installation of this kind must be password protected, and access to it must be limited to you and your website staff.
So yes, you should protect the site so it isn't available to the public.
I'd recommend keeping a test site anyway, it's always useful to test stuff on there before rolling it out on the live site. Also when there are problems, admins often complain that they can't disable all add-ons and revert to the default style on a live site to find out where the problem lies. With a test site you can do all of this to resolve issues before implementing on the live site.
Question re: the .htaccess - I created the passwd file and before doing anything else, when I refreshed the test site, it required me to login to proceed. So, do I need to protect admin.php and/or the install directory beyond that?
Ok, so then it gave me an error in general. I did the step for admin.php and now the regular front page I can access, but I can't access admin.php, which is a problem. It's not even giving me a place to login.
You only need to password protect access to the installation (the main URL), not admin.php nor the install directory.
If you can't get it working, disable registration (or close the site if only administrators will be accessing it) and remove the general view permission for the unregistered user group.
If the URL isn't easy to guess then that will more or less achieve the same.
To protect admin.php, edit the .htaccess file which is in your forum root directory (e.g. /community) and add the following to it:
The "path/to/passwd/file" will look something like "/home/my-domain/.htpasswds/public_html/community/passwd".