Protect your Admin panel - Printable Version

Protect your Admin panel - Printable Version

+- MN Forum (http://forum.mn-shop.com)
+-- Forum: Products (http://forum.mn-shop.com/forum-products.html)
+--- Forum: Mods & Customisations (http://forum.mn-shop.com/forum-mods-customisations.html)
+--- Thread: Protect your Admin panel (/thread-protect-your-admin-panel.html)

Protect your Admin panel - treicadani - 03-22-2015

Find in admin-panel/login.php

Code:
Hidden content for guests

After add

Code:
Hidden content for guests

This will redirect anybody that tries to access /admin-panel to main website index. (You as admin, will can access it by normal area to start the session then access /admin-panel or by the link provided in the footer.)

I had during last week a very bad time 74 failed attempts to admin panel. So i found this easy way to keep them away.

And i also recommend to set a minimum of 32 characters password with random generators.

Dani

RE: Protect your Admin panel - kasabezwysilku - 03-22-2015

i have somehing like this

Code:
Hidden content for guests

and if some unlogged user is trying to /admin-panel he see 404 page

RE: Protect your Admin panel - giadone - 03-23-2015

(03-22-2015, 08:13 AM)treicadani Wrote: Hidden content for guests

Thanks a lot! I have added!

RE: Protect your Admin panel - treicadani - 03-23-2015

@kasabezwysilku

You don't want to route the users to dead-end pages, because dead-end page = no further to go except back home so you'd better re-route them to your home instead a dead-end.

Dani

RE: Protect your Admin panel - gareth - 04-28-2015

treicadani great post but there is a slight issue if admin is doing work on the page and its in maintenance mode then admin cant log in not sure if there is away around it good idea though

I think i might have to lock t to my ip instead or i suppose we could just password protect it in cpanel just must remember to alter it if you change isp or move lol here is the thread http://forum.mn-shop.com/thread-admin-cp-security.html

Thanks for your work

gareth

RE: Protect your Admin panel - treicadani - 04-28-2015

Hi,

If you will to ip lock down you must ensure you are under a fixed ip otherwise you'll run into troubles.

You know you could play with admin panel directory?
As is not connected to the frontend you could give it a new path / name.

What i'm doing is during the maintenance i just comment out the code until i finish and is hard to get to the admin panel as is on another domain connecting to mysql still localy through the file system path as is on the same machine. Dirty but more efficient.

Dani

RE: Protect your Admin panel - dardan - 09-04-2015

Sample create .access file
create with notepad and insert admin.panel folder
insert that code with notepad
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist 192.168.1.1
allow from 127.0.0.1
insert your ip and work fine, or lock and unclock like .access.bak from ftp
</LIMIT>