SPECIAL OFFER: Only $69 for access to everything in OSTraining for 1 year! You save $75! 
Join today and get access to 1,000's of books and videos. Learn WordPress, Drupal, Magento, Joomla and more! Sign up today!

extra password protection for administrator area

5 years 5 months ago #125038 by fancynotion
I’ve been with a new webhost for about two weeks and everything worked fine (we were frequently in the back end and added an article) after transferring the site from another webhost. Then a few days ago the website was still up and running but we couldn’t access the backend. Webhost support said it was because they had updated their Apache server, so they did something to resolve our problem and they said everything was fine.

I still could not access our administrator area. I’ve used AdminExile for years and never had a problem but ultimately, I had to go to pubic_html/administrator and rename the .htaccess file so that I could get into the backend of Joomla 3 and disable the plugin.

So now I have access to the backend but I don’t have the security of double passcodes.

My questions now:
I started with AdminExile about 5 years ago. Would it just make more sense now to use Admin Tools for an extra password, a component that I currently use for my folder permissions? Or is there something else I should do instead? (I’m on Joomla 3.4.8 now and don’t want to update to Joomla 5 until I resolve this.

Please Log in to join the conversation.

5 years 5 months ago #125064 by Valentin
Hi fancynotion,
Probably the path defined in the .htaccess for the .htpasswd file changed and that's why the protection isn't working fine.

I recommend Admin Tools as alternative to set a new password protection, or manually update the path to your .htpasswd file as this tutorial explains .

Follow us on Twitter - twitter.com/OSTraining
Like us on Facebook - facebook.com/ostraining
The following user(s) said Thank You: fancynotion

Please Log in to join the conversation.

5 years 5 months ago #125446 by Madcockney
Replied by Madcockney on topic extra password protection for administrator area
Just noticed this and have had this happen a couple of times, and also when migrating a site, and the quickest way to resolve is to use cPanel or equivalent and access the htaccess file in Joomla administration directory and delete anything relating to password. (I often do this via SFTP as quicker than logging, etc in to cPanel.) Then at least you can login and recreate password security afterwards. However I have never had any success other than on local installs using "Admin Tools" for this, though I haven't tried for some considerable time, as I believe that some hosting companies restrict this. Unlikely to be the htaccess file; more likely where the password file tries to be written to. The same or similar may apply with "AdminExile". (If the password file is within the admin directory then the host probably restricts access until you have given the password. Unfortunately you cannot get to the password file for the confirmation as access is disabled at that stage. Note that with cPanel security the password file is located within a directory under home so if the file for AdminTool orAdminExile was located outside of Admin or in the home directory or sub directory then it will probably work.)


I use cPanel to secure my Joomla admin directory and if it something happens I also know where to remove either via cPanel or the password file directly without thinking of the location.

Please Log in to join the conversation.

5 years 5 months ago - 5 years 5 months ago #125459 by Valentin
Hi Madcockney,

When migrating a site, the password protection will be broken because the path in the new server will be slightly different. This path is defined in .htaccess inside the administrator/ folder.

However I experienced especial cases where the problem was beyond the broken path, but more a server restriction probably, as you mention.

Follow us on Twitter - twitter.com/OSTraining
Like us on Facebook - facebook.com/ostraining

Please Log in to join the conversation.

5 years 5 months ago #125468 by Madcockney
Replied by Madcockney on topic extra password protection for administrator area
Agreed. Though I did not mention it when I referred to migrating it is the information in the htaccess. If you migrate a site from one host to another the htaccess in Joomla/administrator can prevent you from logging in. If you remember you can delete the password references in it before, but I usually forget and have to do it the first time I try to login.

There is another issue sometimes in that if the directory or file structure has altered, though it may look the same, it will prevent the file being accessed. (This is usually when the hosting company has made a change unbeknown to the client.) Years ago we used to see this with windows when you had a link of some form to a directory/folder and we moved to new hardware or replaced the HDD. To us by the name it looked the same, but the way the operating system references is different. The way over this was to recreate the link. Modern utilities for HDD transfers, etc normally handle all this for you.

Please Log in to join the conversation.

5 years 5 months ago #125500 by Valentin
Still is hard to know without checking directly with the hosting provider.

There is another issue sometimes in that if the directory or file structure has altered, though it may look the same, it will prevent the file being accessed.

Agree!

Follow us on Twitter - twitter.com/OSTraining
Like us on Facebook - facebook.com/ostraining

Please Log in to join the conversation.

Join today and get access to 1,000's of books and videos. Learn WordPress, Drupal, Magento, Joomla and more! Sign up today!