Issue with .htaccess/.htpasswd_oscommerce

[surrfman 2]

Admin panel states I have a properly configured installation, yet go to configuration/administrators, there is the dreaded pink box stating can't write .htaccess/.htpassword_oscommerce files to the web server, along with red radio dials indicating admins are not protected. Tried changing the admin passwords to invoke the checkbox allowing the password protection, there is no checkbox, just admin ID name and new password. Tried adding an additional admin ID name, got same no checkbox for password protection issue, How can this be remedied? Using the Mindsparx admin panel, is there a different location for password protection using this panel? Ran the site secure test on oscommerce-solution website, comes back as secure. This was all good as of 2/18/2016 7:30am ET sitemonitor/ hacker test reports. Approximately 1:00pm same date, was hacked by a paypal redirect to some hack with a domain origin of Turkey. I have changed back the payment direct hack, renamed the previously renamed admin file, working on looking at all other files. Is their something this hack could have done to prevent password protection? What would be a prudent course of action?

 

Oh yeah, sitemonitor stopped link to payment processor (PP,) by changing back to correct payment address, does this allow payment processing to resume, are other actions needed?   

 

 Thanks a lot Guys & Gals!

 

    Timmy C