Best Way to Secure Your AdminCP

[Carlos B]

Weatherz submitted a new resource:

Best Way to Secure Your AdminCP (version 1.0) - Learn How to Secure Your AdminCP by IP Whitelisting

I have found that this is the absolute best way to secure your AdminCP. It's a simple code that is added to the top of your admin.php file.

Basically what it does, is if a person's IP address isn't whitelisted, it automatically redirects them to any chosen URL, which is impossible to get passed (unless editing the file obviously)

This isn't very practical if your Administators log in from several different IP's or their IP's change frequently, so make sure you talk it over with anyone that...

Read more about this resource...

 

[Floris]

People who don't know what their IP is; http://www.whatismyip.com/

 

[Carlos B]

People who don't know what their IP is; http://www.whatismyip.com/

Thank you I completely forgot about that! I have added it to the article

 

[Floris]

I was hoping this would also include .htaccess / .htpasswd instructions for Apache users to protect the admin.php file. Here's a site I use to create a user/pass .htaccess / .htpasswd file for admin.php http://www.tools.dynamicdrive.com/password/

Also, for security reasons, it is a good policy when you are about to upgrade, that after you have backed up to change the administrator password, and to check your config.php; Make sure debug is turned off for example.

 

[slowreflex]

Can you use wildcards in your IP restrictions?

 

[Hackfall]

What a simply simple idea. Its like a mini firewall for your control panel.