I am a new here.
I am having problems to understand how to setup security here. I have read various documents about .htacccess and .htpasswd.
So, per default, the webroot (The directory which is accesible when some opens my host in his browser) contains 3 directories:
… and some directories, I have created, for example a Joomla Installation.
All these directories (except my Joomla administrator directory) are not protected.
Now, this means my host is wide open!
So, I do understand, that I can place appropriate .htaccess files. And, outside of the webroot, a .htpasswd file.
But how can place a .htpasswd outside of the webroot? If I access my host via FTP, I can only go into my webroot.
And, furthermore, I read that there is a tool for generating the .htpasswd, which I can execute via SSH. But I dont have credentials for SSH, nor do I know where and if I can access this tool?
What I am missing here?
Please, I need help urgently, I fear my host gets compromised…