How to secure admin folder with HTTP Authentication (.htpasswd & .htaccess)

When setting up a web server, there are often sections of the site like the Admin Dashboards, OpenCart Admin, Backoffice etc. that you wish to restrict access to. Typically the  Web applications often provide their own authentication and authorization methods, but the web server itself can be used to restrict access if these are inadequate or unavailable.

Steps to add HTTP authentication




In this guide, we’ll demonstrate how you can add a layer of security to such areas using the .htpasswd and .htaccess files on your Apache server.

First, you will have to create a .htpasswd file which would store the username and password for the HTTP authentication.
You can generate the .htpasswd file using our tool: Htpasswd Generator – Create htpasswd file
In the tool, enter the username & password you want to set for the admin folder.
On submitting the form you would see a string like:

example_username:$apr1$FwkVQE/9$QDw30fsPhyS6LwIvy4fRp/

Create a file with the name “.htpasswd” on your web server other than the /public\_html directory. Preferably one directory above it in the /home folder
Add the following code to the .htaccess file inside the /admin folder on your server. Do not forget to put the correct path of the .htpasswd file in the following code snippet:

AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile path-to/.htpasswd/file
        Require valid-user
        AuthName "Authorisation Required"


Now when you go to the /admin url you will see a prompt like this:


Updated on: 18/07/2022

Was this article helpful?

Share your feedback

Cancel

Thank you!