Backend access⬢ 6.1.2
👤 User menu
Interactive demo – click around. Nothing is saved, sent or executed.Interactive demo – nothing is saved or executed.↗ Get HTProtectDEEN
v2.4.13 · htprotect.org · Docs
v2.4.13 · htprotect.org · Docs

Backend access (/administrator)

No additional protection active

Recommended: an additional web server password prompt blocks brute-force attacks before Joomla even starts.

Warning: /administrator is not writable for PHP – setup will probably fail.
Creates a strong 20-character random password and fills both fields.
Server path (advanced)

Only needed if the self-test reports that the web server cannot read the password file (PHP and Apache see different paths, e.g. chroot). The component first tries all known path views automatically.

Tip: use different credentials than for the Joomla login – that is the point of the additional layer.

Emergency mode – lock the entire site

Extends the password prompt to the entire site (same credentials as the backend protection). Every visitor then sees a browser password prompt. Ideal for cleaning up after a hack or for a staging phase. Warning: While emergency mode is active, Joomla updates and automatic calls (cron/webhooks/payment callbacks) are blocked too.

Set up backend protection first Emergency mode uses the credentials of the backend protection.

Protection works on Apache and LiteSpeed servers (mod_rewrite). Before every write a backup is made automatically; a self-test with auto rollback catches server incompatibilities. Donate