You can configure exceptions to backend protection. This will allow direct access without adding the secret key. This is valid, for instance, for some CiViCRM files, which need direct access to work.

Once you have configured your values, you can choose any of the following options:

  • Delete .htaccess

Use this option to delete your current .htaccess file (this option will not appear if there is no .htaccess file).

  • Protect

This option will create a backup of your current .htaccess file (named .htaccess.backup), delete the current .htaccess file and create a new .htaccess file in your root path using the configured values. If all options are set to 'No', a default .htaccess file will be created.

  • Save & Close

Save your changes and go to Control Panel.

  • Save

Save your changes. You have to use this option before using 'Protect' if you have made a change. If you make changes and don't save them, they will not be applied. If an option has been applied to the current .htaccess file, you will see the following info:


Depending on your web server settings, some of these options may be incompatible with your site. In this case you will get a blank page or an Internal Server Error 500 error page when trying to access any part of your site. If this happens, you have to remove the .htaccess file from your site's root directory using an FTP application or the File Manager feature of your hosting control panel. Your old .htaccess file is saved as .htaccess.backup. You can rename that file back to .htaccess to revert to the last known good state. If you are unsure how this works, please consult your host before trying to create a new .htaccess file using this tool.

We strongly suggest that you begin by setting all options to 'No' and then enable them one by one, creating a new .htaccess file after you have enabled each one of them. If you bump into a blank or error page you will know that the last option you tried is incompatible with your host. In that case, remove the .htaccess file, set the option to 'No' and continue with the next one. Unfortunately, there is no other way than trial and error to deduce which options may be incompatible with your server.