Unable To Password Protect Administrator Folder Using Htpasswd File - Question | JoomShaper
Black Friday sale is live with flat 50% OFF. Sale ends soon! Grab your deal now!
Back to the questions

Unable To Password Protect Administrator Folder Using Htpasswd File

PW

Paddy Wanless

SP Page Builder 2 years ago

Hi,

I'm trying to implement additional security features and want to password protect the administrator folder.

I previously have easily been able to do this in the past using a .htaccess and .htpasswd file placed in the administrator folder. Very simple, very easy and works like a dream.

However, I've now built a site using the helix ultimate template and SP Page Builder Pro. When I attempt to implement these additiojnal security controls, it does not work!

If I navigate to the administrator folder on the website I now get the 404 page not found error page. If I remove the two files, then the administrator page can easily be accessed.

Am I able to implement this additional security requirement or is the helix ultimate template or Page Builder Pro stopping this feature from existing?

I'm on the latest version of Joomla 4 and all extensions are up-to-date.

Any help would be greatly appreciated.

Thanks, Paddy

0
6 Answers
Order by
Oldest Newest Votes
PW
Paddy Wanless
Accepted Answer
2 years ago #107374

I'm just bumping this question to see if anyone can assist. Would be great if someone from Joomshaper support can at least let me know that what I've stated isn't possible.

Thanks in advance, Paddy

0
Paul Frankowski
Paul Frankowski
Accepted Answer
Senior Staff 2 years ago #107379

Hi Paddy,

I don't know the answer to your question yet. You'd have to ask someone who deals with .htaccess more deeply. But try another security method. To main root .htaccess file add:

RewriteCond %{HTTP_REFERER} !my-domain.com/administrator/
RewriteCond %{QUERY_STRING} !^word$
RewriteCond %{QUERY_STRING} !com_securitycheckprocontrolcenter [NC]
RewriteCond %{QUERY_STRING} !com_sppagebuilder [NC]
RewriteRule ^.*administrator/? /not_found [R,L]

Of course my-domain.com = your real domain.

And the login URL would be : /administrator/?word

and all spam bots will get 404 kick off. Similar feature offers: AdminExile plugin.

0
PW
Paddy Wanless
Accepted Answer
2 years ago #107466

Hi Paul,

Thanks for the information - very helpful!

I'll give it a go and update my post with my findings.

Thanks again, and enjoy the rest of your day! Paddy

0
Paul Frankowski
Paul Frankowski
Accepted Answer
Senior Staff 2 years ago #107473

I helped as I could. I also use that solution on almost all my sites.

If you will find something give me feedback.

It will be a long day... thanks a lot. Have fun too.

0
PW
Paddy Wanless
Accepted Answer
2 years ago #108549

Thanks Paul,

I just wanted to let you know that your solution worked perfectly and will be implemented on all future sites that use SP Page Builder Pro.

Thank you for providing such a clear and concise answer.

I hope you have a great weekend! Paddy

0
Paul Frankowski
Paul Frankowski
Accepted Answer
Senior Staff 2 years ago #108553

What is funny, yesterday or day before, I have seen website that has htaccess login screen and everything worked inside, but becuase it was crazy day ("Rush hours"), and I forgot to check what rules were used by webmaster. Oh..

Anyway, if something else is working fine - nothing to worry and cry :)

0