Password protect Joomla administrator directory

One of the ways to increase your Joomla site security is password protect administrator directory.

If you use third party hosting provider which offers cPanel site administration, you can easily protect your administrator directory using built-in cPanel Password Protect Directories option.

cPanel - Password Protect Directories

If cPanel is not an option or you host your site yourself, you can use .htaccess file to achieve the same result.

  • First of all you need to create .htpasswd password file. Run following command at the terminal:
    htpasswd -c /securty/.htpasswd joomla-admin
    You will be promoted to provide a new password.  
    /securty/.htpasswd - path to your .htpasswd file. You can use pretty much any path accessible by Apache. Just don't use publicly accessible web directories.
    joomla-admin - user name. Again, can be anything, but don't use the same name as you use to login to the Joomla back-end. The same goes for the password.
  • Double check that .htpasswd file has been created in specified directory. Inside the file you should have a single line with user name and encrypted password, i.e. joomla-admin:OHVKpmZjyzgqw
  • Create following .htaccess file in your Joomla site's administrator directory:
    AuthUserFile /securty/.htpasswd
    AuthType Basic
    AuthName "please login"
    <Limit GET POST>
    require valid-user

    - Path to the .htpasswd file you created in previous step.
    please login - message displayed in the password prompt.

Now, when you go to you will have to provide username and password before Joomla back-end login form is displayed. 

Google Chrome - Authentication Required

Linux Apache web server


Subscribe to receive occasional updates on new posts.
Your email will not be used for any other purpose and you can unsubscribe at any time.
Please wait