| Coding Tutorials

SecurityOver the last few years, our websites have been subject to regular attacks. One of the most common attacks was sending bots to repeatedly attempt to login to our admin area. Some of the attacks were severe enough to slow or crash our website.

We've stopped those attacks from happening by creating an additional layer of security for our admin areas.

We keep hackers out of your admin area is to create an additional username and password via a file called htpasswd. That extra password screen prevents the bots from reaching our admin login and has eliminated problems with repeated login attempts.

This tutorial will show you how to do that in three easy steps. Let's get started.

1) Navigate to Your Admin Area

Use your host's file manager or FTP to access the admin folder of your website. For example:

  • Joomla's folder is /administrator
  • WordPress' folder is /wp-admin

2) Create .htpasswd

In your admin folder, create a .htpasswd file with the following contents:

  • YourSecretUsername:YourSecretPassword

Replace the above username and password with any that you'd like.

3) Create .htaccess

Create a .htaccess file and add the following code to it:

AuthUserFile "/home/username/public_html/administrator/.htpasswd"
 AuthName "Restricted Area"
 AuthType Basic
 require valid-user
RewriteEngine On
 RewriteRule \.htpasswd$ - [F,L] 

In the above code, switch /home/username/public_html/administrator to your host's full path to your admin folder.

4) Additional Step for Drupal

If you're using Drupal, you'll need to do an additional step:

  • Install the Global Redirect module to force all URLs to the clean SEF URLs, so that your password protection can't be by-passed.

That's it. Now check your admin area and you should be prompted for the additional username and password.


About the author

Nick is the Director of Support at OSTraining and you can find him in almost every area of the site, from answering support requests and account questions to creating tutorials and software.