Page 1 of 1

[How To] Password Protect Admin Folder

Posted: Thu Nov 29, 2018 4:46 pm
by TheJD
After reading through various threads, there just doesn't seem to be a clear answer on how to password protect the admin folder. I think I figured it out finally, and would like to share it....

If you are familiar with cpanel web host, then I am sure you have tried the Password Protect feature that usually would work. But it seems when we try to use that on the admin folder, it just causes a problem with the cart.
So here is one solution .. oh, take your time reading this.
I don't think I missed a step. If I did I will edit and correct it where needed.

You first need to edit the .htaccess file in the admin folder.
If it is not there, create it and add this code in the file:

Code: Select all

AuthName "admin"
AuthUserFile "/home/SITEDIR/.htpasswds/public_html/admin/passwd"
AuthType Basic
require valid-user
ErrorDocument 401 "Not Allowed"
Make sure you change SITEDIR to your website directory.
If your directory layout/structure is different, just adjust it accordingly to your server layout

Now you need to go to /.htpasswds/public_html/admin/ and make a file called passwd (no extension, JUST passwd)

Edit this new created file

Now head over to http://www.htaccesstools.com/htpasswd-generator/ - you will need to generate a username and password on this website and just copy the data into that passwd file.
So for example if you put in the fields:
username: test
password: pass

press create and you should see something like this:

Code: Select all

test:$apr1$ATAGGGta$oY9/Q3EZGCbOGhgx6QcYY/
take that code and copy/paste that into the passwrd file you created a few minutes ago.
save that.

now go to your admin panel and either refresh if you are already there or load it up and you SHOULD get the pop up asking you for a username and password. put in the info you used to generate the code and you should see the admin page or the admin login panel like usual, and there shouldn't be any issues viewing the admin panel or the store front.

You can change

Code: Select all

ErrorDocument 401 "Not Allowed"
if you want, only the

Code: Select all

Not Allowed
part. Whatever you change or enter between those " " will show if someone enters the wrong code or presses cancel.

Well, there you have it.

Note: the first line of code:

Code: Select all

AuthName "admin"
that "admin"...this is your admin folder. if you change your admin folder to another name you have to put that name here. it is also case sensitive.

To do all of this, i used WinSCP software to move around the directories and create the files I needed above. You can edit files and save it right back to the server using WinSCP. It is pretty nice.

Re: [How To] Password Protect Admin Folder

Posted: Fri Nov 30, 2018 10:58 am
by IP_CAM
Well, an OC-integrated Solution would possibly keep you from Problems,
while they might not be as secure as a 'htpasswd' Solution, but if you cannot
solve this matter, it would at least be a quite valuable Alternative!
Good Luck! ;)
Ernie
---
[VQMOD] SecureMyAdmin free, OC v.1.5.4.1 - 1.5.6.5_rc:
https://www.opencart.com/index.php?rout ... n_id=15901
---
(VQMOD) Secure Admin URL free, OC v.2.0.0.0 - 2.2.0.0:
https://www.opencart.com/index.php?rout ... n_id=24045
---
RazorinWorks - Secure MyAdmin 2.0 ( OCMOD & VQMOD ) paid, OC v.2.0.1.1 - 2.3.0.2:
https://www.opencart.com/index.php?rout ... n_id=23969
---
Change admin url free, OC v.1.5.6.x - 2.2.0.0:
https://www.opencart.com/index.php?rout ... n_id=27076
---

Re: [How To] Password Protect Admin Folder

Posted: Sun Aug 18, 2019 9:55 am
by erikgrueter
I also got something to share:
One of the best tools which creates the code needed to password protect your folders is from Dynamic Drive.
Create a username and password for the directory you want to secure.
Enter the path to your .htpasswd file (Use the path above and change the username which you currently use on your server).
Click submit.
https://docsbay.net/how-to-password-pro ... -wordpress
Hope this helps!