Security Best Practices

How to secure admin folder with HTTP Authentication (.htpasswd & .htaccess)

When setting up a web server, there are often sections of the site like the Admin Dashboards, OpenCart Admin, Backoffice etc. that you wish to restrict access to. Typically the  Web applications often provide their own authentication and authorization methods, but the web server itself can be used to restrict access if these are inadequate or unavailable.

Steps to add HTTP authentication

In this guide, we’ll demonstrate how you can add a layer of security to such areas using the .htpasswd and .htaccess files on your Apache server.

  • First, you will have to create a .htpasswd file which would store the username and password for the HTTP authentication.
  • You can generate the .htpasswd file using our tool: Htpasswd Generator – Create htpasswd file
  • In the tool, enter the username & password you want to set for the admin folder.
  • On submitting the form you would see a string like:
  • Create a file with the name “.htpasswd” on your web server other than the /public_html directory. Preferably one directory above it in the /home folder
  • Add the following code to the .htaccess file inside the /admin folder on your server. Do not forget to put the correct path of the .htpasswd file in the following code snippet:
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile path-to/.htpasswd/file
    Require valid-user
    AuthName "Authorisation Required"
    ErrorDocument 401 "Authorisation Required"
  • Now when you go to the /admin url you will see a prompt like this:

Was this helpful?