Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Protect your Admin panel
#1
Find in admin-panel/login.php
Code:
Hidden content for guests

After add

Code:
Hidden content for guests

This will redirect anybody that tries to access /admin-panel to main website index. (You as admin, will can access it by normal area to start the session then access /admin-panel or by the link provided in the footer.)

I had during last week a very bad time 74 failed attempts to admin panel. So i found this easy way to keep them away.

And i also recommend to set a minimum of 32 characters password with random generators.

Dani
Quote:Hidden content for guests
Reply
#2
i have somehing like this
Code:
Hidden content for guests
and if some unlogged user is trying to /admin-panel he see 404 page
Reply
#3
(03-22-2015, 08:13 AM)treicadani Wrote: Hidden content for guests

Thanks a lot! I have added!
Reply
#4
@kasabezwysilku

You don't want to route the users to dead-end pages, because dead-end page = no further to go except back home so you'd better re-route them to your home instead a dead-end.

Dani
Quote:Hidden content for guests
Reply
#5
treicadani great post but there is a slight issue if admin is doing work on the page and its in maintenance mode then admin cant log in not sure if there is away around it good idea though

I think i might have to lock t to my ip instead or i suppose we could just password protect it in cpanel just must remember to alter it if you change isp or move lol here is the thread http://forum.mn-shop.com/thread-admin-cp-security.html

Thanks for your work

gareth
Reply
#6
Hi,

If you will to ip lock down you must ensure you are under a fixed ip otherwise you'll run into troubles.

You know you could play with admin panel directory?
As is not connected to the frontend you could give it a new path / name.

What i'm doing is during the maintenance i just comment out the code until i finish and is hard to get to the admin panel as is on another domain connecting to mysql still localy through the file system path as is on the same machine. Dirty but more efficient.

Dani
Quote:Hidden content for guests
Reply
#7
Sample create .access file
create with notepad and insert admin.panel folder
insert that code with notepad
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist 192.168.1.1
allow from 127.0.0.1
insert your ip and work fine, or lock and unclock like .access.bak from ftp
</LIMIT>
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Admin Panel - Useful Tweaks stevehead 0 1,904 02-20-2013, 11:46 PM
Last Post: stevehead

Forum Jump:


Users browsing this thread: 2 Guest(s)

About MN Shop

MafiaNet Shop is an online store where you can buy powerful scripts, cool templates, graphic components and many other digital goods.

              Quick Links

              User Links

              Advertise