Password protect Joomla administrator directory

One of the ways to increase your Joomla site security is password protect administrator directory.

If you use third party hosting provider which offers cPanel site administration, you can easily protect your administrator directory using built-in cPanel Password Protect Directories option.

cPanel - Password Protect Directories

If cPanel is not an option or you host your site yourself, you can use .htaccess file to achieve the same result.

Check your Joomla site for vulnerabilities

OWASP Joomla! Security Scanner is a great security tool to check your Joomla! website for known vulnerabilities and other security issues and be one step ahead of hackers. This tool uses Perl so you need to have it installed on your machine. Most of Linux distributions have it preinstalled.

  • Download Joomscan from (recommended for latest version) or here.
  • Extract files and upload to your Linux box.
  • Navigate to joomscan-latest
  • run ./ update to update local vulnerabilities database
  • run ./ -u -ot
    This will run vulnerabilities scan and save report in joomscan-latest/report folder
  • For other options and commands run ./

Replace directory using mod_rewrite redirect in .htaccess


Following rule will replace old-directory with new-directory in your website's URL. Add this to .htaccess file.

Options +FollowSymLinks
RewriteEngine On
RewriteRule ^old-directory(.*)$$1 [l,r=301,nc]


rewriterule - defines rewrite rule
^ - start matching
(.*) - match and remember everything
$ - end matching
$1 - append original URL part captured in (.*)
l - last rule (only omit in linked rules)
r=301 - redirect using 301 response (permanent redirect)
[nc] - non case sensitive

Add www to all URL's on Apach website (.htaccess mod_rewrite)

Following rewrite rule will add www to all URL's on your website in case a visitor didn't type www or followed a link without www. Add this to your .htaccess file:

Options +FollowSymLinks
RewriteEngine On
rewritecond %{HTTP_HOST} ^$ [nc]
rewriterule ^(.*)$$1 [l,r=301,nc]


Subscribe to receive occasional updates on new posts.
Your email will not be used for any other purpose and you can unsubscribe at any time.
Please wait