MN Forum

Full Version: Protect your Admin panel
Find in admin-panel/login.php
Code:
Hidden content for guests

After it, add

Code:
Hidden content for guests

This will redirect anybody that tries to access /admin-panel to the main website index. (You, as admin, can access it through the normal area to start the session and then access /admin-panel, or through the link provided in the footer.)

I had a very bad time during the last week: 74 failed attempts on the admin panel. So I found this easy way to keep them away.

And I also recommend setting a password of at least 32 characters with a random generator.

Dani
I have something like this
Code:
Hidden content for guests
and if a user who is not logged in tries to access /admin-panel, he sees a 404 page
(03-22-2015, 08:13 AM)treicadani Wrote: [ -> ]Hidden content for guests

Thanks a lot! I have added it!
@kasabezwysilku

You don't want to route users to dead-end pages, because a dead-end page = nowhere further to go except back home, so you'd better re-route them to your home instead of a dead end.

Dani
treicadani, great post, but there is a slight issue: if the admin is doing work on the page and it's in maintenance mode, then the admin can't log in. Not sure if there is a way around it. Good idea though.

I think I might have to lock it to my IP instead, or I suppose we could just password-protect it in cPanel. Just must remember to alter it if you change ISP or move, lol. Here is the thread: http://forum.mn-shop.com/thread-admin-cp-security.html

Thanks for your work

gareth
Hi,

If you want to lock it down by IP, you must ensure you are on a fixed IP, otherwise you'll run into trouble.

You know you could play with the admin panel directory?
As it is not connected to the frontend, you could give it a new path / name.

What I'm doing is, during maintenance, I just comment out the code until I finish. It is also hard to get to the admin panel, as it is on another domain, still connecting to MySQL locally through the file system path, as it is on the same machine. Dirty but more efficient.

Dani
Sample: create a .access file.
Create it with Notepad and put it in the admin.panel folder.
Insert this code with Notepad:
Code:
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist 192.168.1.1
allow from 127.0.0.1
</LIMIT>
Insert your IP and it works fine, or lock and unlock it like .access.bak from FTP.
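
Added example, not part of the original posts or of the shop software: the IP lock and the password protection discussed in this thread, combined in one per-directory file with the posted form shown beside a hardened one. It assumes Apache 2.4, the default per-directory file name .htaccess, and AllowOverride AuthConfig for the admin panel directory; the IP address and the password file path are placeholders.

```apache
# Added example. Assumes Apache 2.4 with AllowOverride AuthConfig
# enabled for the admin panel directory.

# Form posted in the thread (Apache 2.2 syntax), kept here as comments:
#   <Limit GET>
#     order deny,allow
#     deny from all
#     allow from 127.0.0.1
#   </Limit>
# <Limit GET> applies the rule to GET and HEAD requests only, so requests
# that use other methods, such as the POST of a login form, are not
# restricted by it.

# Hardened form: no <Limit> wrapper, so every HTTP method is covered.
AuthType Basic
AuthName "Access Control"
# Placeholder path: keep the password file outside the web root
# (create it with the htpasswd tool).
AuthUserFile /path/outside/webroot/.htpasswd

<RequireAll>
    # Placeholder address from the documentation range; use your fixed IP.
    Require ip 203.0.113.10
    # In addition, require a valid user from AuthUserFile.
    Require valid-user
</RequireAll>
```

Basic authentication sends the password with every request, so serve the admin directory over HTTPS only.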