Protecting your website's administration interface with a .htaccess file

Find out how to protect access to your website's administration with a .htaccess file

Last updated 20th September 2021

Objective

You may need to protect access to part of your website with login credentials. You can set up a file named ".htaccess" to protect access to its administration interface.

Find out how to protect the access to the admin section of your website with a .htaccess file.

OVHcloud is providing you with services for which you are responsible, with regard to their configuration and management. You are therefore responsible for ensuring they function correctly.

This guide is designed to assist you in common tasks as much as possible. Nevertheless, we recommend that you contact a specialist service provider and/or discuss the issue with our community on if you have difficulties or doubts. You can find more information in the Go further section of this guide.

Requirements

Instructions

The solution proposed here is only one technical possibility among others to set up an administrator space on your website. You can also use the 1-click Module feature offered by OVHcloud.

If you have any question regarding the creation or programming of your site, please contact our community of users or OVHcloud partners. We will not be able to assist you with these matters.

Step 1: Create the file path

Log in to your Web Hosting plan’s storage space and open your site's root folder.
Create a file named "crypter.php".

root_folder

Open or create the folder that contains the admin section of your site. Create a ".htpasswd" file and a ".htaccess" file there.

folder_admin

The ".htpasswd" and ".htaccess" files can be in different folders. A single ".htpasswd" file can be used for several ".htaccess" files.

The settings defined by a ".htaccess" file apply to the directory where it is located and to all its subdirectories.

Step 2: Edit the file "crypter.php"

In the "crypter.php" file previously created, enter the following lines (to be adjusted depending on the number of passwords you need to generate):

<?php
$string_1 = crypt('non_encrypted_password_1');
$string_2 = crypt('non_encrypted_password_2');
$string_3 = crypt('non_encrypted_password_3');
echo nl2br(`$string_1 \n $string_2 \n $string_3`);
 ?>

If you have a Professional or Performance Web Hosting plan, log in to your hosting via SSH. Run the following command:

php crypter.php

For security reasons, using SSH in this case is recommended. However, if you have a Personal offer and you do not want to upgrade it to a Professional or Performance one, you can also run the "crypter.php" file with your web browser (by simply opening the URL, for example: https://yourdomainname.ovh/crypter.php).

For any additional questions on how to encrypt your passwords, please contact our community of users or OVHcloud partners. We will not be able to assist you with this matter.

Retrieve the encrypted passwords (Do not copy the "<br />" if you run the "php crypter.php" command in SSH):

encrypted_password_1
encrypted_password_2
encrypted_password_3

Step 3: Edit the ".htpasswd" file

The ".htpasswd" file contains the list of users authorised to log in to your website's administration interface and their encrypted passwords.

Enter one line in this file for each user indicating their username and encrypted password:

user1:encrypted_password_1
user2:encrypted_password_2
user3:encrypted_password_3

Step 4: Edit the ".htaccess" file

Blocking access to an entire directory

In the directory to be protected, create a ".htaccess" file with the following code:

AuthName `Please enter your admin username and password`
AuthType Basic
AuthUserFile `/home/your_login_ftp/root_folder/admin/.htpasswd`
Require valid-user

In this example, replace "your_login_ftp" with your FTP username. In the Hosting plans section, you will find it in the FTP-SSH tab of the hosting plan concerned.

In the example below, replace "root_folder" with the name of the folder containing your site files.

Blocking access to one or more files

To block access to one or more specific files, add a "Files" directive to the ".htaccess" file:

<Files test.php>

AuthName `Enter your login details`
AuthType Basic
AuthUserFile `/home/your_login_ftp/root_folder/admin/.htpasswd`
Require valid-user

</Files>

You will need to specify a "Files" directive for each file to be protected.

The "Files" directives apply to all files with the same name or ending with the specified name, that are contained in the same directory as the ".htaccess" or in one of its subdirectories. (For example, if you apply the configuration shown here, the "Files" directive would apply to a file named "new_test.php" located in a subdirectory of the folder "admin").

Go further

What else can you do with the .htaccess file?

For specialised services (SEO, development, etc.), contact your OVHcloud partners.

Join our community of users on https://community.ovh.com/en/.


Did you find this guide useful?

Please feel free to give any suggestions in order to improve this documentation.

Whether your feedback is about images, content, or structure, please share it, so that we can improve it together.

Your support requests will not be processed via this form. To do this, please use the "Create a ticket" form.

Thank you. Your feedback has been received.


These guides might also interest you...

OVHcloud Community

Access your community space. Ask questions, search for information, post content, and interact with other OVHcloud Community members.

Discuss with the OVHcloud community