[Prestashop Security] How to protect Prestashop ADMIN directory with htaccess file – Prestashop Security

The Prestashop back office requires a username and password before anyone can access it, but a bot (a computer program that automatically fills in and submits forms) can randomly generate username/password pairs and submit them to the login form in order to discover the username/password of your Prestashop admin.

To add further protection to your Prestashop Admin, you can use a .htaccess file. This method is called htaccess password protection or htaccess authentication, and it works by uploading 2 files: .htaccess and .htpasswd. When someone accesses your Prestashop admin, a popup window opens and requires a username/password before the login form is shown.

Follow these steps to set it up:

Step 1: Find the full path to your website.

Your website may be stored in a public directory such as /public_html, /htdocs, /httpdoc, /httpsdoc, /www…, but these are not the full path to your website. For example, websites are commonly stored in /public_html, but the full path to public_html is /demo123/public_html

So how do you find the full path to your Prestashop website?

  • Download our sample PHP file, find_full_path.php.txt, and rename it to find_full_path.php

  • Upload find_full_path.php to your hosting, then open your browser and enter the URL of this file to execute it, for example: http://your-domain.com/find_full_path.php

The page shows the full path to this PHP file.

Step 2: Create a .htpasswd file that contains the encrypted username/password to protect your Prestashop Admin directory

Enter your plain username/password; this tool will create the encrypted username/password for your .htpasswd file.

Copy the encrypted username/password.

  • Create a new file named .htpasswd in any directory on your server, and copy the encrypted username/password into this file

In this article, our plain username/password is demo/demo

You can download our sample .htpasswd file here (we renamed .htpasswd to demo.htpasswd.txt): .htpasswd

Step 3: Edit the .htaccess file in your Prestashop Admin

Go to your Prestashop Admin directory and edit the .htaccess file (or create a new one if it does not exist there).

Enter the following into your .htaccess file:

AuthType Basic
AuthName "Password Protected Area"
AuthUserFile full_path_to_htpassword_file/.htpasswd
Require valid-user

Note: Change full_path_to_htpassword_file/.htpasswd to the full path of your .htpasswd file, which you can find using step 1.

You can also try our sample htaccess file: sample.htaccess.txt
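An added example, not part of the original article or its sample files: a small Python check for the Step 3 .htaccess and for the hash scheme of a Step 2 .htpasswd entry. It assumes Unix-style paths; the function names, finding labels and sample values (other than /demo123/public_html from Step 1) are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Prefixes used in .htpasswd hashes, mapped to a scheme name.
SCHEMES = [("$2y$", "bcrypt"), ("$apr1$", "apr1-md5"), ("{SHA}", "sha1-unsalted")]

def hash_scheme(entry):
    """Classify one 'user:hash' line of a .htpasswd file by its prefix."""
    digest = entry.strip().partition(":")[2]
    for prefix, name in SCHEMES:
        if digest.startswith(prefix):
            return name
    return "other"  # crypt(), plaintext or unknown: regenerate with a known scheme

def lint_htaccess(text, docroot):
    """Return findings for a Basic-auth .htaccess; docroot is the public web directory."""
    findings = []
    if re.search("[\u201c\u201d\u2018\u2019]", text):
        # Apache only treats ASCII quotes as quoting characters.
        findings.append("curly-quotes")
    directives = {}
    for line in text.splitlines():
        name, _, value = line.strip().partition(" ")
        if name and not name.startswith("#"):
            directives[name.lower()] = value.strip()
    if directives.get("authtype", "").lower() != "basic":
        findings.append("authtype-not-basic")
    if not directives.get("authname"):
        findings.append("authname-missing")
    if not directives.get("require"):
        findings.append("require-missing")
    userfile = directives.get("authuserfile", "").strip('"')
    if not userfile.startswith("/"):
        # A relative path is resolved against ServerRoot, not this directory.
        findings.append("authuserfile-not-absolute")
    elif PurePosixPath(docroot) in PurePosixPath(userfile).parents:
        # Safer outside the document tree, where it cannot be requested over HTTP.
        findings.append("htpasswd-inside-docroot")
    return findings

# Constructed samples: typographic quotes plus the placeholder path, and a fixed version.
PASTED = ("AuthType Basic\nAuthName \u201cPassword Protected Area\u201d\n"
          "AuthUserFile full_path_to_htpassword_file/.htpasswd\nRequire valid-user\n")
CORRECTED = ('AuthType Basic\nAuthName "Password Protected Area"\n'
             "AuthUserFile /demo123/.htpasswd\nRequire valid-user\n")

if __name__ == "__main__":
    print(lint_htaccess(PASTED, "/demo123/public_html"))
    print(lint_htaccess(CORRECTED, "/demo123/public_html"))
    print(hash_scheme("demo:$apr1$constructed$placeholder"))
```

An empty list means none of these checks fired; it does not replace opening the admin URL in a browser and confirming the password prompt appears.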

Done !

Now when you open your Prestashop Admin, a popup window will require a username/password before the login form can be viewed.
