Joomla Security: How to Restrict Access by IP Address to the Administrative Directory of Joomla Using .htaccess in Joomla (Step by Step)
Disclaimer: Your support helps keep JovialGuide running! Our content is reader-supported. This means if you click on some of our links, we may earn a commission.
Restricting access by IP address to the administrative directory of Joomla, is done by using a code snippet that contains the IP addresses of whom you wish to grant access to the administrative directory of your Joomla website. It works in a way that; anyone that uses the IP address that hasn’t been granted access (in the .htaccess file), will be denied access to the administrative folder of your Joomla website.
This is a preventive measure that helps you protect the sensitive directories of your Joomla website from unauthorized access which could harm your website.
We have written this tutorial for WordPress users. It teaches one how to protect wp-admin using .htaccess to limit access in WordPress
Want to host your Joomla website with SiteGround but aren’t sure? We’ve written a JovialGuide that shows you top 5 best reasons you should transfer or host your next Joomla website with SiteGround
If you are looking for the best Joomla web hosting provider, we wrote a JovialGuide that shows you the top 10 best web hosting companies that offer Joomla hosting. These top 10 best Joomla web hosting service providers offer quality Joomla website hosting services.
This JovialGuide will teach you how to easily restrict access by IP to the administrative folder of your Joomla website.
What is .htaccess?
The .htaccess access file is a sensitive configuration file used on webservers that are running Apache Web Server Software. The dot (.) before htaccess makes it invisible on the webserver.
For .htaccess tutorials, take a visit to Htaccess Guide.
Why Should I Restrict Access to the Administrative Directory (by IP Address) of my Joomla Website?
This is the first question that comes to your mind! You already know that the most sensitive directory of your Joomla website is administrator, and it has to be protected! Meaning that; anyone that gets access into the administrative directory of your Joomla website (without your permission), could destroy your website by deleting, editing, etc, the core files and folders that make up the administrative directory. Some attackers may upload malicious scripts, etc, which may grant them remote access into the administrative directory (administrator) of your Joomla website.
So, restricting/blocking unauthorized access is an excellent practice to keep your Joomla website clean and secure against hackers.
Backing up the .htaccess file
We recommend you backup the .htaccess file before proceeding with this tutorial, so that in a case that you miss edit the .htaccess file while trying to add the code snippet below, you’ll still be able to restore it easily.
Poorly configured .htaccess file, causes one’s website to break!
Restricting/Blocking Access by IP Address to the Administrative Directory of Joomla using .htaccess in Joomla
First off, you’ll have to have access to the cPanel or FTP details of your Joomla web hosting account. This will help you edit the .htaccess file. If you don’t know about this, contact your web hosting support team.
Login to the cPanel of your web hosting account. If you wish to use FTP, login using the FTP details of your web hosting account.
Locate and open the folder in which your Joomla website files and folders are stored.
Locate and open the .htaccess file, which will be used to limit access by IP address. The .htaccess file is located on the root folder, where your website files are stored. If you can’t find the .htaccess file, create a plain text file, name it .htaccess and you save. Don’t remove the dot (.) before htaccess, it’s the dot (.) that makes it htaccess file.
Copy and paste the following code snippet to the .htaccess file of the Joomla website you wish to restrict access by IP address:
Order Deny, Allow Deny from all Allow from 127.0.0.1
In this tutorial, 127.0.0.1 is our test IP address, replace it with the IP address you wish to grant access to the administrative directory of your Joomla website. Save when you are done.
Granting Access to Multiple IP Addresses
If you wish to grant access to multiple IP addresses, duplicate the above code snippet and replace with the IP addresses you wish to grant access to. Your code snippet will look like this:
Order Deny, Allow Deny from all Allow from 127.0.0.1 Allow from 0.0.0.1 Allow from 127.0.0.0
Where 127.0.0.1, 0.0.0.1 and 127.0.0.0 are our test IP addresses (in this tutorial), and we have granted access (into the administrative directory of Joomla) to 3 of them. Replace with the multiple IP addresses you wish to grant access to and save.
Advantage of Restricting/Limiting Access by IP Address
The good side of limiting access by IP address is that; only the computers/devices with the allowed IP addresses are granted access to the administrative directory of your Joomla website.
Disadvantage of Restricting/Limiting Access by IP Address
It is true that anything that has an advantage must have a disadvantage. In this case, it’s true!
The bad side of limiting access to the administrative directory of your Joomla website is this; you’ll have to add the IP address of all of your computers to the code snippet. Adding the IP address of all of your computer isn’t difficult to do.
If you are away from the computers you granted access (using IP address) and wish to login to the administrative area of your Joomla website, it’s totally impossible to login. You’ll be denied access to the administrative area, whether you are logging in as the administrator or not. Because you didn’t allow/grant access to the IP address of the computer you are using.
Another bad side of using .htaccess to limit access by IP is that; if the .htaccess file isn’t properly edited, it could cause your Joomla website to break. This is the reason we recommended earlier that you backup your .htaccess file before proceeding.
Some of our Joomla tutorials we’d like you to read:
- the overview of the control/administrative panel of Joomla
- how to perfectly learn and practice Joomla for free
- how to easily export and import your Joomla database tables
- how to find out the name and type of database your Joomla website is using
- how to install, setup and run Joomla locally (localhost) using PHP Runner on Android
This JovialGuide has shown you how to protect the administrative folder of your Joomla website by IP address. This means that; the IP address that hasn’t been granted access (in the .htaccess file) won’t be allowed into the administrative folder of your Joomla website.
Following this Joomla security tutorial, adds additional security to your Joomla website by restricting unauthorized access into the administrative folder by IP address.
We have written other Joomla tutorials, take a visit to the Joomla tutorials section of this website (JovialGuide) for more.