It is preferable to protect the Mautic login page against unauthorized login attempts, SQL injection attempts or attempts to discover the administrator password using a brute force attack script.
The best way is to use 2nd authentication via an htpasswd file to prevent access to the login page of your Mautic installation.
This tutorial works for apache 2.4
Step 1
Create a .htpasswd file
Following command will creates a new file and stores a record in it for user jerry. The user is prompted for the password. If the file exists and cannot be read, or cannot be written, it is not altered and htpasswd will display a message and return an error status.
# htpasswd -c /etc/apache2/.htpasswd jerry
Step 2
In your VirtualHost from your config file: /etc/apache2/sites-available/mautic.conf
Write this:
<Location /s/login>
AuthUserFile /etc/apache2/.htpasswd
AuthName "Username and password required"
AuthType Basic
Require valid-user
</Location>
The complet version:
<VirtualHost *:443>
DocumentRoot /var/www/html/mautic
ServerName mautic.domaine.com
<Location /s/login>
AuthUserFile /etc/apache2/.htpasswd
AuthName "Username and password required"
AuthType Basic
Require valid-user
</Location>
<Directory /var/www/html/mautic/>
Options +FollowSymlinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Step 3
Check your config apache
# apachectl configtest
# Syntax OK
Step 4
Restart apache2
# systemctl restart apache2