Post by TheJD » Thu Nov 29, 2018 4:46 pm

After reading through various threads, there just doesn't seem to be a clear answer on how to password protect the admin folder. I think I figured it out finally, and would like to share it....

If you are familiar with cpanel web host, then I am sure you have tried the Password Protect feature that usually would work. But it seems when we try to use that on the admin folder, it just causes a problem with the cart.
So here is one solution .. oh, take your time reading this.
I don't think I missed a step. If I did I will edit and correct it where needed.

You first need to edit the .htaccess file in the admin folder.
If it is not there, create it and add this code in the file:

Code: Select all

AuthName "admin"
AuthUserFile "/home/SITEDIR/.htpasswds/public_html/admin/passwd"
AuthType Basic
require valid-user
ErrorDocument 401 "Not Allowed"
Make sure you change SITEDIR to your website directory.
If your directory layout/structure is different, just adjust it accordingly to your server layout

Now you need to go to /.htpasswds/public_html/admin/ and make a file called passwd (no extension, JUST passwd)

Edit this new created file

Now head over to - you will need to generate a username and password on this website and just copy the data into that passwd file.
So for example if you put in the fields:
username: test
password: pass

press create and you should see something like this:

Code: Select all

take that code and copy/paste that into the passwrd file you created a few minutes ago.
save that.

now go to your admin panel and either refresh if you are already there or load it up and you SHOULD get the pop up asking you for a username and password. put in the info you used to generate the code and you should see the admin page or the admin login panel like usual, and there shouldn't be any issues viewing the admin panel or the store front.

You can change

Code: Select all

ErrorDocument 401 "Not Allowed"
if you want, only the

Code: Select all

Not Allowed
part. Whatever you change or enter between those " " will show if someone enters the wrong code or presses cancel.

Well, there you have it.

Note: the first line of code:

Code: Select all

AuthName "admin"
that "admin"...this is your admin folder. if you change your admin folder to another name you have to put that name here. it is also case sensitive.

To do all of this, i used WinSCP software to move around the directories and create the files I needed above. You can edit files and save it right back to the server using WinSCP. It is pretty nice.



Thu Nov 29, 2018 4:27 pm

Post by IP_CAM » Fri Nov 30, 2018 10:58 am

Well, an OC-integrated Solution would possibly keep you from Problems,
while they might not be as secure as a 'htpasswd' Solution, but if you cannot
solve this matter, it would at least be a quite valuable Alternative!
Good Luck! ;)
[VQMOD] SecureMyAdmin free, OC v. - ... n_id=15901
(VQMOD) Secure Admin URL free, OC v. - ... n_id=24045
RazorinWorks - Secure MyAdmin 2.0 ( OCMOD & VQMOD ) paid, OC v. - ... n_id=23969
Change admin url free, OC v.1.5.6.x - ... n_id=27076

I am no longer active at this Forum.
Please don't send Personal Messages, contact:
Github OC Downloads:
2'000+ FREE OC Extensions from the World's largest Github OC Archive.

User avatar
Legendary Member


Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by erikgrueter » Sun Aug 18, 2019 9:55 am

I also got something to share:
One of the best tools which creates the code needed to password protect your folders is from Dynamic Drive.
Create a username and password for the directory you want to secure.
Enter the path to your .htpasswd file (Use the path above and change the username which you currently use on your server).
Click submit. ... -wordpress
Hope this helps!



Thu Jul 25, 2019 3:55 pm
Who is online

Users browsing this forum: No registered users and 2 guests