Protecting OXID Admin Area with .htaccess Password
Although OXID uses a standard authentication mechanism for protecting the /admin area, it is advisable to additionally apply .htaccess protection. This will keep hackers (and maybe unscrupulous competitors) out of your OXID-Admin area.
This quick howto helps you set up .htaccess authentication on Linux environments.
Two files are needed for applying .htaccess protection to your shop:
- The .htaccess file itself
- A password text file in which the username and encrypted password are stored
Step 1
Create a .htaccess file in the /admin folder of your shop (your OXID-Admin area) using touch or vi. This file should contain the following contents:
    AuthName "OXID Admin"
    AuthType Basic
    AuthUserFile /full/nonweb/directory/.htpasswd
    Require valid-user
Step 2
At a location which is not exposed by the web server (here /full/nonweb/directory/), create the .htpasswd file using the command-line htpasswd tool. The exact command is:
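myshell: htpasswd -c /full/nonweb/directory/.htpasswd admin_username
The -c option creates the password file. Leave it out when adding a user to an existing .htpasswd, because -c overwrites the file.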
admin_username can usually be left as admin.
You will be prompted after the above shell command to provide a password, and then verify it.
That's it! You may now try this out at http://shopurl.com/admin/
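A check for the result of Steps 1 and 2, added here as an example and not part of the original howto: it confirms that the .htaccess carries the required directives and that AuthUserFile points outside the document root. The function names, return codes and the document root /var/www/shop are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit an admin/.htaccess of the kind shown in Step 1.
# Usage: check_htaccess <htaccess-file> <document-root>
# Returns 0 = ok, 1 = directive missing or unexpected, 2 = password file web-exposed.
# Paths are compared as text; symlinks and ".." are not resolved.

# Print the first argument of a directive (name matched case-insensitively).
directive_value() {
    awk -v d="$1" 'tolower($1) == tolower(d) {
        v = $2; gsub(/"/, "", v); print v; exit
    }' "$2"
}

check_htaccess() {
    file=$1
    docroot=${2%/}    # drop a trailing slash so the prefix match is exact

    # Basic authentication must be switched on and a login must be required.
    [ "$(directive_value AuthType "$file" | tr 'A-Z' 'a-z')" = "basic" ] || return 1
    [ "$(directive_value Require "$file" | tr 'A-Z' 'a-z')" = "valid-user" ] || return 1

    # Step 1 uses a full path for AuthUserFile; anything else is rejected here.
    userfile=$(directive_value AuthUserFile "$file")
    case $userfile in
        /*) ;;
        *) return 1 ;;
    esac

    # A password file below the document root could be served to visitors.
    case $userfile in
        "$docroot"/*) return 2 ;;
    esac
    return 0
}

# Constructed sample: the Step 1 file, audited against a hypothetical document root.
tmp=$(mktemp -d)
printf '%s\n' 'AuthName "OXID Admin"' 'AuthType Basic' \
    'AuthUserFile /full/nonweb/directory/.htpasswd' \
    'Require valid-user' > "$tmp/.htaccess"
check_htaccess "$tmp/.htaccess" /var/www/shop && echo "admin .htaccess looks fine"
```
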



euroblaze is a German e-Commerce company that specializes in delivering end-to-end
Web-Solutions for online merchants. We are experts and a Certified Solution Partner for the
cutting-edge, robust, modular and beautiful OXID e-Sales platform.
