Admin Protection
Secure your admin folder with HTTP Basic Authentication and IP whitelisting.
Admin Protection
Add an extra layer of security to your PrestaShop admin folder, beyond just the renamed admin URL.
Protection Modes
HTTP Basic Authentication — Adds a username/password prompt before the PrestaShop login page. Even if an attacker discovers your admin URL, they can't reach the login form without the Basic Auth credentials.
IP Whitelisting — Restrict admin access to specific IP addresses. Only connections from whitelisted IPs can access the admin folder. Supports individual IPs and CIDR notation for ranges.
Combined Mode — Use both methods together for maximum security. Whitelisted IPs can optionally bypass the password prompt.
Setup
- Go to the Admin Protection tab
- Choose your protection mode
- For Basic Auth: set a username and password
- For IP Whitelisting: add your IP address(es)
- Click Enable Protection
How It Works
The module manages .htaccess and .htpasswd files in your admin directory. All configuration is done through the module UI — no manual server editing required.
- Works on Apache out of the box
- Nginx users need equivalent configuration in their server block (instructions provided)
- The module auto-detects your current IP for easy whitelisting
Options
- Skip Password for Whitelisted IPs — In combined mode, IPs on the whitelist can access admin without the Basic Auth password prompt
- Easy Toggle — Enable or disable protection with a single click without losing your configuration
Important Notes
- Always whitelist your own IP before enabling IP-only protection to avoid locking yourself out
- If you get locked out, FTP/SSH into your server and remove the
.htaccessrules from the admin directory - Basic Auth credentials are stored using Apache's
htpasswdformat (bcrypt hash)