Login

treicadani · 03-22-2015, 08:13 AM

Find in admin-panel/login.php

Code:
Hidden content for guests

After add

Code:
Hidden content for guests

This will redirect anybody that tries to access /admin-panel to main website index. (You as admin, will can access it by normal area to start the session then access /admin-panel or by the link provided in the footer.)

I had during last week a very bad time 74 failed attempts to admin panel. So i found this easy way to keep them away.

And i also recommend to set a minimum of 32 characters password with random generators.

Dani

kasabezwysilku · 03-22-2015, 11:21 PM

i have somehing like this

Code:
Hidden content for guests

and if some unlogged user is trying to /admin-panel he see 404 page

giadone · 03-23-2015, 02:13 AM

(03-22-2015, 08:13 AM)treicadani Wrote: Hidden content for guests

Thanks a lot! I have added!

treicadani · 03-23-2015, 08:49 AM

@kasabezwysilku

You don't want to route the users to dead-end pages, because dead-end page = no further to go except back home so you'd better re-route them to your home instead a dead-end.

Dani

gareth · (This post was last modified: 04-28-2015, 07:52 AM by gareth.)

treicadani great post but there is a slight issue if admin is doing work on the page and its in maintenance mode then admin cant log in not sure if there is away around it good idea though

I think i might have to lock t to my ip instead or i suppose we could just password protect it in cpanel just must remember to alter it if you change isp or move lol here is the thread http://forum.mn-shop.com/thread-admin-cp-security.html

Thanks for your work

gareth

treicadani · 04-28-2015, 04:57 PM

Hi,

If you will to ip lock down you must ensure you are under a fixed ip otherwise you'll run into troubles.

You know you could play with admin panel directory?
As is not connected to the frontend you could give it a new path / name.

What i'm doing is during the maintenance i just comment out the code until i finish and is hard to get to the admin panel as is on another domain connecting to mysql still localy through the file system path as is on the same machine. Dirty but more efficient.

Dani

dardan · (This post was last modified: 09-04-2015, 10:25 PM by dardan.)

Sample create .access file
create with notepad and insert admin.panel folder
insert that code with notepad
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist 192.168.1.1
allow from 127.0.0.1
insert your ip and work fine, or lock and unclock like .access.bak from ftp
</LIMIT>

Login
Username:
Password:	Lost Password?
	Remember me

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	Admin Panel - Useful Tweaks	stevehead	0	1,850	02-20-2013, 11:46 PM Last Post: stevehead

About MN Shop

Quick Links

User Links

Advertise