Web Development

How can I password protect my Joomla! website administrator interface?

Joomla occasionally presents several serious vulnerabilities that can allow unwanted users to gain access to your website. If you think someone has gained access to your Joomla website you may want to follow the steps below to increase its security.

  1. Find and delete suspected users
  2. Change all the user passwords
  3. Protect the administrator directory using a password
  4. Let us know for further examination

Step 1: Find and delete suspected users

The first thing you should do is to search the list of your registered users for accounts that you do not know or have rights that you have not previously assigned.

Log in as administrator in your Joomla control panel.

Navigate to the Users option on the left menu. 

Here you have to check the User Groups column for all the users and see what privileges each one has. Any user with upgraded privileges as Author, Editor and Publisher is dangerous, pay more attention for users with the Manager or Administrator privileges. You should make sure that there is not a user that you do not know and has upgraded privileges.

If you find any suspect you can click the checkbox in front of their name and then click the X Delete button at the top bar of the user list. You can check and delete more than one users at once. 

Step 2: Change all the user passwords

When you are sure that all users on your website are reliable you should change their passwords so if any malicious user has acquired a copy of your users list can not login again with their old passwords.

Login as administrator and navigate to the Users option from the left menu as we did in the previous step. There you have to select the user you want and click the Edit button at the top bar. In the next screen edit the Password and the Retype Password fields with the new password for the selected user.

Then click the green Save button.

You have to do this for every user on your website especially for the Administrators and the Managers.

Step 3: Protect the administrator directory using a password

Login to your cPanel.

Then click the Password Protect Directories icon located under the Security category.

Select the Web Root option (make sure that the Show Hidden Files (dotfiles) checkbox is selected)

Click the public_html icon and then click the administrator directory name which is the one that we want to password protect. 

Select the Password protect this directory checkbox and then fill in the Enter a name for the protected directory field. That will be shown as a message on the visitors that try to login and can be anything you want. Then click the Save button below it.

Then click Go Back.

Type a Username and a Password at the bottom of the page and then click the Add or Modify The Authorized User button.

At the next page click Go Back.

To ensure that your directory is protected, visit it through your browser If the browser asks you to login then your administrator directory has been successfully password protected.

Note! If you access the administrator directory and you see an Error 404 message then you have to take another step to be able to properly protect the directory with a password.

Navigate to the cPanel > Files category and open the File Manager. There select and open the administrator directory. Then left click the .htaccess file and select Edit. On the editing page you will have to add the following line of code at the end of the file.

ErrorDocument 401 "Authorisation Required"

Click the Save button at the top right. 

Try to re-visit your website administrator directory and make sure that the password protection is working properly.

Step 4: Let us know for further examination

If you found that your website has been violated let the technical department of IP.GR know. We will use advanced antivirus software to check for malware files that the unwanted user may has added to your website.

IPGLOBAL IKE   |  IP.GR Web Hosting and Domain Name registration services in Greece
Cookies Preferences
 Functional  Statistics  Marketing

You can see detailed information about the use of cookies on the page: Terms of use