[Prestashop Security] How to protect the Prestashop ADMIN directory with an htaccess file
The Prestashop Back Office requires a username/password before anyone can access it, but a bot (a computer program that automatically fills in and submits forms) can randomly generate username/password pairs, fill them in and submit the login form over and over in order to discover the username/password of your Prestashop admin.
To protect your Prestashop Admin against this, you can use a .htaccess file. This method is called htaccess password protection or htaccess authentication, and it works by uploading 2 files: a .htaccess file and a .htpasswd file. When someone accesses your Prestashop admin, a popup window will open and require a username/password before the login form can be seen.
You can follow these steps to do it.
Step 1: Find the full path to your website.
Your website can be stored in a public directory such as /public_html, /htdocs, /httpdoc, /httpsdoc, /www… but these are not the full path to your website. For example, it is common for websites to be stored in /public_html, but the full path for public_html is /demo123/public_html.
So how do you find the full path to your Prestashop website?
- You can download our sample PHP file: find_full_path.php.txt
Rename this file to find_full_path.php.
- Upload find_full_path.php to your hosting. Open your browser and enter the URL to execute this file, for example: http://your-domain.com/find_full_path.php
You will see the full path to this PHP file.
Step 2: Create a .htpasswd file that contains the encrypted username/password that protects your Prestashop Admin directory.
- Open this online tool: http://www.htaccesstools.com/htpasswd-generator/
Enter your plain username/password, and this tool will create the encrypted username/password for your .htpasswd file.
Copy the encrypted username/password.
- Create a NEW file named .htpasswd in any directory on your server, and copy the encrypted username/password into this file.
In this article, our plain username/password is demo/demo.
You can download our sample .htpasswd file here (we renamed .htpasswd to demo.htpasswd.txt): .htpasswd
Step 3: Edit the .htaccess file in your Prestashop Admin.
Go to your Prestashop Admin directory and edit the .htaccess file (or create a NEW file if it does not exist there).
Enter this source code into your .htaccess file:
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile full_path_to_htpassword_file/.htpasswd
Require valid-user
Note: Change full_path_to_htpassword_file/.htpasswd to the full path of your .htpasswd file, which you can find in step 1.
You can also try our sample htaccess file: sample.htaccess.txt
Done!
Now when you open your Prestashop Admin, a popup window will be displayed that requires a username/password before the login form can be viewed.
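The following check is an added example, not code from the original article or from Prestashop: it audits the two files from steps 2 and 3 for mistakes that weaken this setup (typographic quotes pasted into .htaccess, a relative AuthUserFile, a password file inside the web root, weak hash formats, and a password equal to the username). The admin123 folder name and the {SHA} sample entry are constructed assumptions; /demo123/public_html is the article's own example path.

```python
import base64
import hashlib
import posixpath
import re

# Hash prefixes written by Apache's htpasswd tool -> (scheme, good enough today?)
SCHEMES = {"$2y$": ("bcrypt", True), "$apr1$": ("apr1-md5", False),
           "{SHA}": ("unsalted-sha1", False)}

def sha_entry(password):
    """Hash field that `htpasswd -s` would store for this password."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()

def auth_user_file(htaccess_text):
    """Return the AuthUserFile argument from .htaccess text, or None."""
    m = re.search(r'^[ \t]*AuthUserFile[ \t]+"?([^"\r\n]+?)"?[ \t]*$',
                  htaccess_text, re.I | re.M)
    return m.group(1) if m else None

def audit(htaccess_text, htpasswd_text, docroot):
    """Return a list of findings for the setup from steps 1 to 3."""
    findings = []
    if "\u201c" in htaccess_text or "\u201d" in htaccess_text:
        findings.append("typographic quotes in .htaccess")
    path = auth_user_file(htaccess_text)
    if path is None:
        findings.append("no AuthUserFile directive")
    elif not path.startswith("/"):
        findings.append("AuthUserFile is not a full path")
    elif posixpath.normpath(path).startswith(posixpath.normpath(docroot) + "/"):
        findings.append("password file is inside the web root")
    for line in htpasswd_text.splitlines():
        user, sep, field = line.strip().partition(":")
        if not sep:
            continue
        scheme, ok = next((v for p, v in SCHEMES.items() if field.startswith(p)),
                          ("crypt/plaintext/unknown", False))
        if not ok:
            findings.append(f"{user}: {scheme} hash, prefer bcrypt (htpasswd -B)")
        if field == sha_entry(user):
            findings.append(f"{user}: password is the same as the username")
    return findings

# Constructed sample: the article's directives, a hypothetical admin123 folder,
# and the article's demo/demo credentials stored as an unsalted SHA-1 entry.
SAMPLE_HTACCESS = ("AuthType Basic\nAuthName \u201cPassword Protected Area\u201d\n"
                   "AuthUserFile /demo123/public_html/admin123/.htpasswd\n"
                   "Require valid-user\n")
SAMPLE_HTPASSWD = "demo:" + sha_entry("demo") + "\n"
```

Run audit() on the contents of your own admin .htaccess and .htpasswd files, passing the full path from step 1 as docroot; an empty list means none of these checks fired.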