11
Yes, using a range of IPs would help. Unless a hacker happens to be in the same range.
![](https://xoops.org/uploads/smil3dbd4d6422f04.gif)
Here's the entry in my .htaccess file that password-protects admin.php:
<Files "admin.php">
AuthType Basic
AuthName "Whatever"
AuthUserFile /path/to/your/password/file
require valid-user
Files>
The .htaccess file is located in the top-level XOOPS directory.
The password file is created/updated with the Apache htpasswd command.