Grav CMS can be used with an additional admin plugin to be able to administer the website without access to the actual file system.
This comes with potential danger, because whoever gains access to the admin plugin has unrestricted access to your Grav installation.
With the following .htaccess rule you can protect the admin area of Grav with a password.
Simply add the following content to your .htaccess file in the root directory of your Grav installation e.g. /home/username/public_html/.htaccess.
SetEnvIf REQUEST_URI "^/(admin)" PROTECTED
Deny from all
Allow from env=!PROTECTED
Create htpasswd file for authentication
In order to be asked for a password when accessing the admin page, you must first create an htpasswd file.
htpasswd -c /home/ae3/htpasswd username
username can be replaced by a user of your choice. This command will prompt to enter a random password.
The next time you visit the admin page at domain.tld/admin you will now be prompted to enter a user and password before the regular Grav login appears. Now we have an additional protection, which protects the complete admin area from unauthorized access.