Saturday, July 28, 2007

Securing your administrator directory using .htaccess files

To protect your administrator panel a bit more against hacking attempts, you can protect your administrator directory using .htaccess files.
There are a few options available: restricting access by IP address and password protection.

Restrict access by IP Address

If you have a static IP address, it might be wise to allow access to the Joomla! administrator panel only from that address. This is easily done as follows. Create an empty .htaccess file in your administrator directory and put the following in it:


Order Deny,Allow
Deny from all
Allow from 10.0.0.150

Change 10.0.0.150 to your static internet IP address. You can also use partial IP addresses: 10.0.0

When you visit the admin panel from any address other than the one listed here, you will see a 403 Forbidden error. You can add multiple addresses by separating them with spaces: 10.0.0.150 10.0.0.151

Password protection

You can also create an extra barrier by adding password protection to your administrator directory. Some admin panels, like Webmin and cPanel, support the creation of password-protected directories through their admin panel. For others, these are the steps to follow:

Create an empty file .htaccess in your Joomla! administrator directory. Put the following in it:

AuthType Basic
AuthName "Joomla Administrator"
AuthUserFile /full/path/to/joomla/administrator/.htpasswd

require valid-user


Modify /full/path/to/joomla to match the location of your site on the server.
Then create an empty file .htpasswd in the same directory. You will have to enter the user name and encrypted password in that file. An easy tool to create this line is: http://www.flash.net/cgi-bin/pw.pl. Enter the user name and password and click encrypt.

On the next page you will see the user name and password that will have to be put in the .htpasswd file:
admin:1M8rRxU7VA6Ic

Copy and paste that line into your .htpasswd file and things should work. To add another user, encrypt the user name and password and put them on the line below the first one.
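An added example, not part of the original post: a Python check that reads the contents of an .htpasswd file and reports which hash format each entry uses. The 13-character value in the sample line above is the traditional crypt() format, which Apache's documentation describes as insecure and which only uses the first 8 characters of the password. The verdict labels and every sample entry other than the article's own line are assumptions made for this example.

```python
import re

# Hash layouts Apache documents for AuthUserFile entries: (scheme, pattern, verdict).
SCHEMES = [
    ("bcrypt",    re.compile(r"\$2[aby]\$\d\d\$[./A-Za-z0-9]{53}"),             "ok"),
    ("apr1-md5",  re.compile(r"\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}"), "legacy"),
    ("sha1",      re.compile(r"\{SHA\}[A-Za-z0-9+/]{27}="),                     "insecure"),
    ("des-crypt", re.compile(r"[./A-Za-z0-9]{13}"),                             "insecure"),
]

def classify(hash_field):
    """Return (scheme, verdict) for the part of an .htpasswd line after 'user:'."""
    for scheme, pattern, verdict in SCHEMES:
        if pattern.fullmatch(hash_field):
            return scheme, verdict
    return "unrecognised", "insecure"  # plaintext, or a format this check does not know

def audit_htpasswd(text):
    """Return one finding dict per entry line in the contents of an .htpasswd file."""
    findings, seen = [], set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):  # blank lines and comments carry no entry
            continue
        user, sep, hash_field = line.partition(":")
        if not sep or not user:
            findings.append({"line": lineno, "user": None, "scheme": "malformed", "verdict": "invalid", "duplicate": False})
            continue
        scheme, verdict = classify(hash_field)
        findings.append({"line": lineno, "user": user, "scheme": scheme,
                         "verdict": verdict, "duplicate": user in seen})
        seen.add(user)  # a repeated user name usually means one line is stale
    return findings

# Constructed sample file. Only the first line comes from the article; the other
# hash fields are filler with the right shape, not real password hashes.
SAMPLE = "\n".join([
    "admin:1M8rRxU7VA6Ic",
    "editor:$apr1$" + "saltsalt" + "$" + "b" * 22,
    "ops:$2y$10$" + "a" * 53,
    "legacy:{SHA}" + "c" * 27 + "=",
    "admin:secret-in-plaintext",
    "no-colon-here",
])

if __name__ == "__main__":
    for finding in audit_htpasswd(SAMPLE):
        print(finding)
```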

3 comments:

New Techno update said...

Speedy Techno

Anonymous said...

The man who has made up his mind to win will never say "impossible".


--------------
Georg-August-University Goettingen

Anonymous said...

Excellent morning. I desired to publish you a quick comment to express my thanks. I have been studying your blog for a month or so and have picked up a huge amount of good information as very well as enjoyed the way in which you have setup your webpage. I am trying to run my personal weblog but I believe it is significantly very general. I would really like to concentrate a lot more on narrower subjects. Being all details to all men and women will not be all that its cracked nearly be. Numerous thanks.