- Joined
- Dec 17, 2023
- Messages
- 4,832
- Reaction score
- 1,135
- Points
- 226
- Location
- Universe
- Website
- kodeblend.us
If you want to provide an extra layer of protection to admin.php, the /install directory, and test & development installations, you can do so with .htaccess authentication.
Protecting admin.php
To protect admin.php, edit the .htaccess file which is in your forum root directory (e.g. /community) and add the following to it:
Code:
The "path/to/passwd/file" will look something like "/home/my-domain/.htpasswds/public_html/community/passwd".
Then create a corresponding passwdfile. This is how to do it using cPanel.
Protecting the /install directory
To protect the /install directory, create a new .htaccess file in /install and add the following to it:
Code:
In this case it is using the same passwdfile as for the ACP so just repeat the steps above to create a different one.
Protecting test and development installations
The state that any test and development installations "must be limited to You and Your website staff".
Again, just place the following at the top of the existing .htaccess file in the directory where XF is installed.
Code:
Set the user and password as explained above.
With it set at the root, it isn't necessary to set it for admin.php and the /install directory.
Using IP address based protection instead of passwd
You can also use IP address protection instead of a passwdfile. In which case you would just have this in the .htaccess file for admin.php:
Code:
And this for the /install directory:
Code:
Replace 127.0.0.1 with your actual IP address. You can find out your IP address .
Additional allowed IP addresses can be added on a new line.
If you have a static IP address then this approach is fine. If it's dynamic however, you will need to constantly update the file every time it changes.
Protecting admin.php
To protect admin.php, edit the .htaccess file which is in your forum root directory (e.g. /community) and add the following to it:
Code:
The "path/to/passwd/file" will look something like "/home/my-domain/.htpasswds/public_html/community/passwd".
Then create a corresponding passwdfile. This is how to do it using cPanel.
- Log in to cPanel
- Click on Password Protect Directories
- Select Web Root
- Click on the forum root folder
- Check Password protect this directory
- Name it as "ACP"
- Click Save
- Create User
- Enter Username
- Enter Password
- Click on Add/modify authorised user
Protecting the /install directory
To protect the /install directory, create a new .htaccess file in /install and add the following to it:
Code:
In this case it is using the same passwdfile as for the ACP so just repeat the steps above to create a different one.
Protecting test and development installations
The state that any test and development installations "must be limited to You and Your website staff".
Again, just place the following at the top of the existing .htaccess file in the directory where XF is installed.
Code:
Set the user and password as explained above.
With it set at the root, it isn't necessary to set it for admin.php and the /install directory.
Using IP address based protection instead of passwd
You can also use IP address protection instead of a passwdfile. In which case you would just have this in the .htaccess file for admin.php:
Code:
And this for the /install directory:
Code:
Replace 127.0.0.1 with your actual IP address. You can find out your IP address .
Additional allowed IP addresses can be added on a new line.
If you have a static IP address then this approach is fine. If it's dynamic however, you will need to constantly update the file every time it changes.