Admin Tools administrator password protection issues

Help! I am locked out of my site's administrator area!

This feature works by placing two file, .htaccess and .htpasswd inside your site's administrator directory. If you forget the username/password you used for this feature and you are locked out of your site, please follow this procedure:

  1. Using your favourite FTP application, e.g. FileZilla or CyberDuck, log into your site and go into your site's root

  2. Go inside the administrator directory


    DO NOT SKIP THIS STEP or you will be removing the wrong file, causing a big problem on your site (especially if you're using SEF URLs).

  3. Remove both the .htaccess and .htpasswd files. If you do not see those files, create two empty text files in your computer, rename them to .htaccess and .htpasswd and upload them.

I enabled this feature and now the front-end of my site asks me for a username and password?!

This is not a bug in Admin Tools, but a problem with one of the extensions (components, modules or plugins) you are using.

More specifically, Joomla! extensions are not supposed to load anything from the administrator area of your site in the front-end. However, some badly written extensions try to access static media files (CSS, Javascript, images) from directories inside the administrator directory. On notorious example is the Zoo CCK extension. Since all of the contents of your administrator directory are protected with a username/password, your browser will prompt you for one as soon as it is instructed to download a file from that protected directory or any of its subdirectories.

There are two workarounds:

  1. Disable the administrator password protection. This degrades your site's security but is the easiest and most immediate change.

  2. Consult the developer of the offending extension and explain to him that loading files from the administrator area of the component in the front-end of the site is insecure and he has to resolve this issue. Hopefully, developers will realize that this practice is unsafe and fix their software.