Password protect the Admin folder / admin path with htaccess

[Chris van der Westhuizen]

Hi All.  When I normally want to protect a folder with a password popup I just add an .htaccess file to that folder containing the standard code. 
But in this case in Blesta it is a virtual path that we setup to be e.g. https://my.domain.com/blesta/manage to go to the admin.

Should I add the .htaccess in /var/www/html/blesta/app/views/admin/default/ maybe?

[Paul]

You'll have to add to the standard .htaccess file before every request is routed to index.php, checking for the URI (/blesta/manage/ if that's where your route points). I don't have an example, but it wouldn't be difficult to find one.

I would highly recommend instead, just doing the following:

1. Use a route that is not easy to guess, consider changing it periodically
2. Most importantly. Have ALL Staff use 2FA. You can download the Google Authenticator for iOS and Android, and use that. Nobody will be able to login as you, even if they had your username and password.

[Blesta Addons]

if you have admin tools installed, you can change the admin route from admin side without touching the blesta files.

for htaccess not sure if the statement location will work for you .