Guest Posted April 10, 2008

Can anyone please give me a simple solution to secure the admin area in plain English? I have been trying for days now and cannot get any of the secure admin contributions to work. I have tried .htaccess and I have tried third party applications. None of them are working. Surely people are not leaving their admin areas open for the public. There has got to be a simple way to do this. What are you doing to secure this area from the public? Anyone know of a URL for a good tutorial to fix this problem?

Server Setup: Linux Apache MySQL
Guest Posted April 10, 2008

First see if you can set up .htaccess through your webhost. The link below may be helpful as well:

http://www.javascriptkit.com/howto/htaccess3.shtml
insaini Posted April 10, 2008

how exactly do you want to secure your admin area.. as far as I know.. anyone can access my admin login page provided they can find which directory it's located in.. but they would have to know an administrative password in order to access it..

As far as I know.. there are three ways you can secure it ..

.htaccess .. you can set up some form of basic html authentication that will ask for a username and password before they can even see the login page itself..

admin directory location .. some cryptic directory name for your admin folder like /Xj2ZZ34L/ or whatever..

firewall setting .. where only someone from a specific IP (or DNS maybe using Reverse DNS Lookup?) can access the folder..

any other ways?

of course I'm sure you already have an admin password set up in your database and SSL set up to secure communications between your browser and the server..
Guest Posted April 10, 2008

> how exactly do you want to secure your admin area.. as far as I know.. anyone can access my admin login page provided they can find which directory it's located in.. but they would have to know an administrative password in order to access it..
>
> As far as I know.. there are three ways you can secure it ..
>
> .htaccess .. you can set up some form of basic html authentication that will ask for a username and password before they can even see the login page itself..
>
> admin directory location .. some cryptic directory name for your admin folder like /Xj2ZZ34L/ or whatever..
>
> firewall setting .. where only someone from a specific IP (or DNS maybe using Reverse DNS Lookup?) can access the folder..
>
> any other ways?
>
> of course I'm sure you already have an admin password set up in your database and SSL set up to secure communications between your browser and the server..

I would like to use the .htaccess. It is the easiest I think. But every time I put 1 or 2 lines of code it screws everything up. Right now you could just browse to the admin/index page on my site and get in.

Right now I am even thinking about just renaming the admin directory to something crazy like a83k393k49dk38. That would make it hard enough for someone to find the admin index page and would provide enough security I guess. But if I rename the directory it screws everything else. I have gone to the config file to rename the new path for the admin directory but it still doesn't work.

It just seems so strange that there is not a simple fix.
Guest Posted April 10, 2008

I just found out my problem with renaming the directory. There are two lines of code that reference the /admin directory. I was only changing the one. I have now got the admin directory changed to some crazy number and letter combination. But additionally I would like to add the .htaccess password protection.

This is my .htaccess file code

    AuthUserFile /home/content/p/a/t/path/to/directory/hidden/.htpasswd
    AuthGroupFile /dev/null
    AuthName Restricted Access
    AuthType Basic
    <Limit GET>
    require user myusernameishere
    </Limit>

This is my htpasswd file

    myusernameishere:myencryptedcodeishere

I placed it here

    /home/content/p/a/t/path/to/directory/hidden/.htpasswd

I have loaded the .htaccess into the protected directory. Then I loaded an html file into that directory. When I browse to the directory I get this error message

    Internal Server Error
    The server encountered an internal error or misconfiguration and was unable to complete your request.
    Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.
    More information about this error may be available in the server error log.

//I have no access to the server logs
insaini Posted April 10, 2008

> I just found out my problem with renaming the directory. There are two lines of code that reference the /admin directory. I was only changing the one. I have now got the admin directory changed to some crazy number and letter combination. But additionally I would like to add the .htaccess password protection.
>
> This is my .htaccess file code
>
>     AuthUserFile /home/content/p/a/t/path/to/directory/hidden/.htpasswd
>     AuthGroupFile /dev/null
>     AuthName Restricted Access
>     AuthType Basic
>     <Limit GET>
>     require user myusernameishere
>     </Limit>
>
> This is my htpasswd file
>
>     myusernameishere:myencryptedcodeishere
>
> I placed it here
>
>     /home/content/p/a/t/path/to/directory/hidden/.htpasswd
>
> I have loaded the .htaccess into the protected directory. Then I loaded an html file into that directory. When I browse to the directory I get this error message
>
>     Internal Server Error
>     The server encountered an internal error or misconfiguration and was unable to complete your request.
>     Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.
>     More information about this error may be available in the server error log.
>
> //I have no access to the server logs

Are you using a webhost provider like GoDaddy or something.. that provides you with tools.. I know my host provides a tool that will allow protecting directories.. you could rename your directory to whatever.. and if your host does provide a similar tool.. use that through their hosting interface to protect your admin area with a login/pass .. I'm sure that is the easiest method..
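Added example, not part of the original thread: a small check that can be run over an .htaccess file when the server error log is not available, applied to the file posted above. Apache's `AuthName` takes exactly one argument, so a realm containing spaces must be quoted, and a `Require` placed inside `<Limit GET>` restricts only the listed methods. The function name `lint_htaccess` and the `CORRECTED` variant are constructed for this illustration.

```python
import shlex

# The .htaccess exactly as posted in the thread (sample input).
POSTED = """\
AuthUserFile /home/content/p/a/t/path/to/directory/hidden/.htpasswd
AuthGroupFile /dev/null
AuthName Restricted Access
AuthType Basic
<Limit GET>
require user myusernameishere
</Limit>
"""

# Constructed for comparison: realm quoted, Require outside <Limit>, no AuthGroupFile.
CORRECTED = """\
AuthUserFile /home/content/p/a/t/path/to/directory/hidden/.htpasswd
AuthName "Restricted Access"
AuthType Basic
Require user myusernameishere
"""

def lint_htaccess(text):
    """Return (line_number, message) findings; line 0 marks a missing directive."""
    findings, seen, limit = [], set(), None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            limit = None  # simplification: any closing tag ends the <Limit> scope
            continue
        if line.startswith("<"):
            words = line.strip("<>").split()
            if words and words[0].lower() == "limit":
                limit = " ".join(words[1:])
            continue
        try:
            name, *args = shlex.split(line)  # honours double-quoted arguments
        except ValueError:
            findings.append((n, "unbalanced quote"))
            continue
        name = name.lower()
        seen.add(name)
        if name == "authname" and len(args) != 1:
            findings.append((n, "AuthName takes one argument; quote a realm with spaces"))
        if name == "require" and limit is not None:
            findings.append((n, f"Require inside <Limit {limit}> covers only those methods"))
    needed = ("authtype", "authname", "authuserfile", "require")
    return findings + [(0, f"missing {d}") for d in needed if d not in seen]
```

A clean result does not rule out a 500 error: the host must also permit authentication directives in .htaccess (`AllowOverride AuthConfig`).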
Archived
This topic is now archived and is closed to further replies.