Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
.Htaccess Protect the Admin Directory
I couldn't find any tutorial for this, and I thought it might help some who want extra protection for their forum.

Warning: You will have to give this password to all of your admins and they will, in a sense, have to login twice in order to get into the admin interface. This means they will have to remember a second password. If you are okay with this and want the extra protection, by all means, go ahead. If you don't want this, do not follow this tutorial.


This is a step by step process. Please follow the steps accordingly and carefully. This is mainly targeted towards users who are using non-cpanel control panels or who are not using shard hosting and have setup a apache2 and php server. Guide for cpanel below.


Step 1: Go to

Step 2: Enter in the usernames in the first box (on the left). After each username, press enter (line-break).

Step 3: Enter each password in the same line on the box on the right. The username and password must match up.

Step 4: Enter the server's web root directory. You can find this in CPanel (see image below) or you will know this when setting up a server with apache (httpd) and php. For example, /home/mysite/mybb or /home/mysite/

[Image: cpanel-home-directory.jpg]

If you use CPanel, you can also do this easier and automatically (automagically Smile)
I will show this at the bottom.

Step 5: Take the generate code for .htaccess and add it to your /admin directory .htaccess.

Step 6: Copy the generated code for the .htpasswd file and paste it into a new file under the web root directory you specified earlier.

Step 7: Optional: In order to add more usernames and passwords, simply follow steps 2 and 3 and append (add to the end of the file) the new generated lines into your .htpasswd file.

If you need any help, please post below...

Extra Notes:
  • You may place the .htpasswd in the same directory .htaccess, but this is not recommended and secure.


If you use CPanel and want to have this done automatically, use the following guide by Paul H
This user has been denied support. This user has been denied support.
Can the .htaccess file ever be compromised?
As long as the apache (web-server) configuration is correct and securely configured, then the .htaccess file will not be compromised.

Forum Jump:

Users browsing this thread: 1 Guest(s)