One of the ways to increase your Joomla site security is password protect administrator directory.
If you use third party hosting provider which offers cPanel site administration, you can easily protect your administrator directory using built-in cPanel Password Protect Directories option.
If cPanel is not an option or you host your site yourself, you can use .htaccess file to achieve the same result.
- First of all you need to create .htpasswd password file. Run following command at the terminal:
htpasswd -c /securty/.htpasswd joomla-admin
You will be promoted to provide a new password.
/securty/.htpasswd - path to your .htpasswd file. You can use pretty much any path accessible by Apache. Just don't use publicly accessible web directories.
joomla-admin - user name. Again, can be anything, but don't use the same name as you use to login to the Joomla back-end. The same goes for the password.
- Double check that .htpasswd file has been created in specified directory. Inside the file you should have a single line with user name and encrypted password, i.e. joomla-admin:OHVKpmZjyzgqw
- Create following .htaccess file in your Joomla site's administrator directory:
AuthName "please login"
<Limit GET POST>
/securty/.htpasswd - Path to the .htpasswd file you created in previous step.
please login - message displayed in the password prompt.
Now, when you go to www.yoursite.com/administrator you will have to provide username and password before Joomla back-end login form is displayed.
Linux Apache web server