Compatible XF Versions:
- 1.0
- 1.1
- 1.2
- 1.3
- 1.4
- 1.5
If you want to provide an extra layer of protection to admin.php and the /install directory, you can do so with .htaccess.
Protecting admin.php
To protect admin.php, edit the .htaccess file which is in your forum root directory (e.g. /community) and add the following to it:
Code:
<Files admin.php>
AuthType Basic
AuthName "ACP"
AuthUserFile "path/to/passwd/file"
Require valid-user
</Files>

The "path/to/passwd/file" will look something like "/home/my-domain/.htpasswds/public_html/community/passwd".
Then create a corresponding passwd file. This is how to do it using cPanel.
- Log in to cPanel
- Click on Password Protect Directories
- Select Web Root
- Click on the forum root folder
- Check Password protect this directory
- Name it as "ACP"
- Click Save
- Create User
- Enter Username
- Enter Password
- Click on Add/modify authorised user
Protecting the /install directory
To protect the /install directory, create a new .htaccess file in /install and add the following to it:
Code:
AuthType Basic
AuthName "Upgrade System"
AuthUserFile "path/to/passwd/file"
Require valid-user

In this case it is using the same passwd file as for the ACP; to use a different one, just repeat the steps above to create it.
Using IP address based protection instead of passwd
You can also use IP address protection instead of a passwd file, in which case you would just have this in the .htaccess file for admin.php:
Code:
<Files admin.php>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Files>

And this for the /install directory:
Code:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1

Replace 127.0.0.1 with your actual IP address. You can find out your IP address here.
Additional allowed IP addresses can be added on a new line.
If you have a static IP address then this approach is fine. If it's dynamic however, you will need to constantly update the file every time it changes.
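
The following is an added example, not part of the original resource: on Apache 2.4 the IP restriction is written with Require ip, which also lets it be combined with the passwd file instead of replacing it. It assumes Apache 2.4 with AllowOverride AuthConfig; the addresses are placeholders.

```apache
# Added example, not from the original resource. Assumes Apache 2.4.
# 203.0.113.10 and 198.51.100.0/24 are placeholder addresses;
# "path/to/passwd/file" is the same placeholder as in the blocks above.

# --- Forum root .htaccess ---
# admin.php: a listed address AND a valid login are both required.
<Files admin.php>
    AuthType Basic
    AuthName "ACP"
    AuthUserFile "path/to/passwd/file"
    <RequireAll>
        Require ip 203.0.113.10 198.51.100.0/24
        Require valid-user
    </RequireAll>
</Files>

# --- /install/.htaccess ---
# A listed address gets in without a prompt; any other address must
# log in, so a changed dynamic IP does not lock you out.
AuthType Basic
AuthName "Upgrade System"
AuthUserFile "path/to/passwd/file"
<RequireAny>
    Require ip 203.0.113.10
    Require valid-user
</RequireAny>
```

Do not leave the Order/Deny/Allow lines in the same file alongside these, since the Apache documentation discourages mixing the two syntaxes. Basic authentication sends the password with every request in an easily decoded form, so serve these URLs over HTTPS.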










