Every Joomla website has the same URL to get to the backend Control Panel. This means bots can attempt to login to your website easily unless you take precautions to block it.
By adding password protection to the /administrator directory, you can help ward off attacks and hack attempts to your website.
It’s easy to set up. I’ll show you how.
Password protecting the /administrator directory is simple to do. What it does is creates a second login box before allowing you, a visitor, or a bot to access the main login page.
Here’s what it looks like.
To set up a password protected directory, you’ll need access to your site’s hosting control panel. We’re using cPanel but other hosting dashboards will have a similar option. You may need to contact your host or look at their documentation to learn how.
- Login to cPanel or your hosting account dashboard
- Click on the Directory Privacy button (It may also say Password Protect Directory)
You will then get a list of directories available on the server.
- Click on the name of whatever directory your site is in. (Often this is public_html. For me it’s staging.domain.com.)
This will bring you to the Joomla file structure of your site. We want to password protect /administrator.
- Click the Edit button to protect /administrator
- Tick the box to Password protect this directory.
- Enter a name for the protected directory (I entered Admin)
- Click Save
- Click Back
This next screen will already have the top part filled in. The bottom portion of the screen under Create User you’ll need to fill in.
- Enter the Username. I used Jenn.
- Enter a Password. I used a system generated one.
- Click Save.
- Click Go Back.
- Test your password protection by going to [replacewithyourdomain]/administrator.
The box shown at the beginning of this article should appear, and you should be able to login with your newly created Username and password for the directory protection.
What to do if you get a 404 when Password Protecting /administrator
If you get a 404 when you go to /administrator, we have some other steps to follow.
- Copy this line: ErrorDocument 401 "Authorisation Required"
- Go to the home page of cPanel or your hosting control panel
- Click on File Manager
- Double click on public_html (or whatever subdomain you are trying to password protect)
- Double click on administrator
- Click once on the file .htaccess
- Click the Edit button at the top
- Click the Edit button to edit the file
- Paste the line ErrorDocument 401 "Authorisation Required" at the top of the .htaccess file
- Click the Save Changes button at the top
- Go to [yourdomain]/administrator and see that the box now comes up
Great job! This is a good deterrent for bots that want to break into your site. Instead of just two things to get through, they now have to get through four.
For more about Joomla Security, do check out OSTraining’s course How to Keep Joomla! 3 Sites Safe .