In this blog post, we will provide detail instructions on how to protect your Joomla! /administrator/ directory on Apache servers using the htpasswd utility. You can easily adapt these instructions to protect other directories. If you need help finding or creating your .htaccess file, start here.

Caveat (From

Basic authentication should not be considered secure for any particularly rigorous definition of secure. Although the password is stored on the server in encrypted format, it is passed from the client to the server in plain text across the network. Anyone listening with any variety of packet sniffer will be able to read the username and password in the clear as it goes across.

Not only that, but remember that the username and password are passed with every request, not just when the user first types them in. So the packet sniffer need not be listening at a particularly strategic time, but just for long enough to see any single request come across the wire.

And, in addition to that, the content itself is also going across the network in the clear, and so if the web site contains sensitive information, the same packet sniffer would have access to that information as it went past, even if the username and password were not used to gain direct access to the web site.

Don't use basic authentication for anything that requires real security. It is a detriment for most users, since very few people will take the trouble, or have the necessary software and/or equipment, to find out passwords. However, if someone had a desire to get in, it would take very little for them to do so.

Basic authentication across an SSL connection, however, will be secure, since everything is going to be encrypted, including the username and password.


  1. If you are unfamiliar with the Apache htpasswd utility, you may want to read the following link first. Apache Authentication, Authorization, and Access Control
  2. Check to be sure your site is configured to use .htaccess files. If not sure, ask your host.
  3. Decide where to put your .htaccess file. Because Apache recursively searches all directories in a path for .htaccess files, the higher in your directory structure you place this file, the more directories it will control. If there is already an .htaccess file in the directory you choose, it's probably best to add the new code to it.
  4. Decide where to store your.htpasswd and .htgroups files. These files should NEVER be publicly accessable through the Web. Below is an example directory structure showing good locations for each file. Note that the /auth/ directory in this example is NOT accessible from the Web.
    • /home/mysite/public_html/.htaccess
    • /home/mysite/auth/.htpasswd/
    • /home/mysite/auth/.htgroups/
  5. Create the .htpasswd and .htgroups files as explained in the official Apache HowTo, referenced above. (Since you've read the always current and official documentation at, we'll spare you the trouble of displaying it again here.)
  6. If a .htaccess file already exists in the directory you have chosen, make a backup copy. If the file does not exist, create a new file with that name now. (Don't forget the dot at the beginning of the name.)
  7. Add the following code to the .htaccess file. Adjust the example paths (marked in red) as needed for your server. Adjust the group name that you created in step 5 if it differs from the below example.
    AuthUserFile /home/auth/.htpasswd
    AuthGroupFile /home/auth/.htgroups
    AuthType Basic
    AuthName "LWS"
    require group admins
  8. Test carefully.
  9. Remove all backup .htaccess files from public_http directories.

If you can not use the Apache htpasswd utility, here's a free, online script that creates the necessary files for you. You'll need to know the user name, password, and path. The script does the rest for you. Note that for more advanced configuration, such as the use of groups, you'll need to edit the resulting files.

.htaccess Generator:

Comments (5)

  1. smith

i am read the article this information is very use full to Sucre your data and personal information if you set your password care fully. aclashoflightsapk

  1. kelvison

this best blog. this is the solution of a type of cyber crime. we should have to be informed of this. this informative and usfull for us thank you so much for sharing this sample standard deviation calculator


Custom article review writing services are not hard to come across for those in need of Online Article Review Writing Services and article review service online.


Gotoassignmenthelp Service endeavors to satisfy the advanced education guidelines of the college/ university through the best quality assignments when you require Assignment Help. Assignments are composed consistently and all mistakes are...

Gotoassignmenthelp Service endeavors to satisfy the advanced education guidelines of the college/ university through the best quality assignments when you require Assignment Help. Assignments are composed consistently and all mistakes are adjusted for an immaculate completion in our Assignment help administration on the web. At the point when you pick our Assignment Help Kuwait assistance, our faculty will consider the quality and your evaluation criteria. On taking Gotoassignmenthelp online assistance, we ensure the first substance and faultless work. Educators of the rumored colleges believe assignments to be the most productive technique to evaluate a students' composing bore alongside their comprehension of the course. Gotoassignmenthelp is the best Assignment Help Oman supplier in around the world.

Read More
  1. Christie Brown

At jackets junction, you can find Yellowstone outfits and enjoy various merchandise at a very reasonable price. And we have a team of highly skilled designers having years of experience in designing and manufacturing.

There are no comments posted here yet

Leave your comments

Posting comment as a guest.
Attachments (0 / 3)
Share Your Location

Custom Work Services

CmsBold provides best services to help you solve any stuff with your website, make it the leading in your industry.

Get FREE Quote Now!

Subscribe newsletter

Get our latest updates with exclusive news and offers in your inbox.