• Support Home
  • Knowledgebase
  • FAQs
  • Getting Started
  • Support Home
  • Knowledgebase
  • FAQs
  • Getting Started
home/Knowledge Base/Security Best Practices/How to secure admin folder with HTTP Authentication (.htpasswd & .htaccess)
Popular Search:Whitelisting a URL, Google Bot , Migrate Astra

How to secure admin folder with HTTP Authentication (.htpasswd & .htaccess)

April 4, 2018 July 14, 2020

When setting up a web server, there are often sections of the site like the Admin Dashboards, OpenCart Admin, Backoffice etc. that you wish to restrict access to. Typically the  Web applications often provide their own authentication and authorization methods, but the web server itself can be used to restrict access if these are inadequate or unavailable.

Steps to add HTTP authentication

In this guide, we’ll demonstrate how you can add a layer of security to such areas using the .htpasswd and .htaccess files on your Apache server.

  • First, you will have to create a .htpasswd file which would store the username and password for the HTTP authentication.
  • You can generate the .htpasswd file using our tool: Htpasswd Generator – Create htpasswd file
  • In the tool, enter the username & password you want to set for the admin folder.
  • On submitting the form you would see a string like:
    example_username:$apr1$FwkVQE/9$QDw30fsPhyS6LwIvy4fRp/
  • Create a file with the name “.htpasswd” on your web server other than the /public_html directory. Preferably one directory above it in the /home folder
  • Add the following code to the .htaccess file inside the /admin folder on your server. Do not forget to put the correct path of the .htpasswd file in the following code snippet:
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile path-to/.htpasswd/file
    Require valid-user
    AuthName "Authorisation Required"
    ErrorDocument 401 "Authorisation Required"
    
  • Now when you go to the /admin url you will see a prompt like this:

Was this helpful?

10 Yes  4 No
Related Articles
  • Why One Gets Hacked Even After Using A Firewall?
  • Fixing Referrer-Policy HTTP header
  • Fixing HTTP to HTTPS Redirection
  • Fixing Subresource Integrity (SRI)
  • Fixing Misconfigured X-Frame-Options
  • Fixing Missing HTTP Security Headers
Security Best Practices
  • How to secure admin folder with HTTP Authentication (.htpasswd & .htaccess)
  • Why One Gets Hacked Even After Using A Firewall?
  • Fixing Referrer-Policy HTTP header
  • Fixing HTTP to HTTPS Redirection
  • Fixing Subresource Integrity (SRI)
  • Fixing Misconfigured X-Frame-Options
View All 11  
Popular Articles
  • How to install SQLite for PHP on my Apache/nginx server?
  • Fixing Missing HTTP Security Headers
  • How to enable SQLite in your cPanel/hosting account
  • Whitelisting an IP on your website using Astra
  • How to rename admin folder name in OpenCart 1.5 & vQmod?
KB Categories
  • Agency
  • Billing & Payments
  • Community Security
  • Getting Started
  • Malware Scanner
  • Securing OpenCart
  • Security Audit – FAQ
  • Security Best Practices
  • Support
  • ThemeCloud
  • Threats Stopped – FAQ
  • Troubleshoot
  • Using ASTRA Firewall
  • WP Hardening

Astra Website Security

Product
  • Astra Security
  • Pricing
  • Plan Comparison
  • Malware Removal
  • Resources
Solutions
  • Website Malware Cleanup
  • WordPress Security
  • Magento Security
  • OpenCart Security
  • Joomla Security
Join Our Community
  • KnowledgeBase
  • FAQ
  • Getting Started
  • How To Use Astra
  • Support Ticket
  • Privacy Policy
  • Terms of Use
  • © 2020 Astra IT Inc. All Rights Reserved.

Popular Search:Whitelisting a URL, Google Bot , Migrate Astra