January 07 2009 21:01:00
PHPFusion-mods.net | Your PHP Fusion resource
Navigation
Last Seen Users
mttrollOnline
spunkOnline
ytterx< 5 mins
jamal< 5 mins
Diemux< 5 mins
winloze9900:06:01
Bigjakez00:09:06
Paslaptinga00:10:19
Datalus00:15:23
neocortex2k700:19:47

Guests Online: 0
Registered Members: 3,667
Newest Member: spunk
Downloads v7
Currently popular Downloads
Professional Down... 553
Extended Profile 511
FusionBoard 4 486
Photoalbum Mass U... 476
Avatar Studio 464
HighSlide Gallery... 418
Photo in Profile 403
VArcade 1.7 395
Wap Mod 365
Who Is Online Adm... 345

Latest Downloads

Virus Scan Panel 0
Translate Panel 9
Profile Tabs 11
EbayList 2
Navigation Panel 9
User Stat Panel 3
Avatar Studio 464
Advanced Forum Threa... 19
Custom Panel Control 200
Online Users Extend ... 8
Downloads v6
Currently popular Downloads
Video Gallery 379
EXTboard 363
Extreme Theme Editor 343
Icon Package 2.0 292
Banner System v2.0.4 284
Tabbed welcome panel 283
Fuzed Shoutbox 277
Extended Profile ... 276
News.php 266
Header Banner System 221

Latest Downloads

Login Redirect 1
Mod "index.php + mod... 2
Base Games 2
Banner exchange system 3
Poll with comments a... 91
Media Streamer 5
v6.01.18 FULL 16
v6.01.16 - v6.01.17 44
v6.01.15 - v6.01.16 2
v6.01.17 - v6.01.18 9
Provider
PHPfusion-mods.net is hosted at:

110MB
Online Stats
Guests online: 5
Members online:
mttroll, spunk
registered members: 3667
newest member: spunk
user today: 1359
user online: 7
Max. onlinerecord: 43
Max. per day: 5705
user yesterday: 4296
user month: 33837
Entire users: 107620
last 24h:
























Admin Control Panel Protection

As you already know the admin panel can easily be accessed with an admin or super admin account. Admin and super admin accounts are one of many hacker targets.

I'm going to show you how to add easy but effective protection to your admin control panel using htacess and htpasswd. The nice thing about using htaccess and htpasswd is there are no back doors to retrieving username and passwords unlike php and js.


First create a .htaccess file. Also create a .htpasswd file which we will use later on. Make sure you put both of those files into the administration directory.

Add the following code to the .htaccess file...

AuthName "Admin Control Panel"
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user

NOTE: Change the "/full/path/to/.htpasswd"
to the full path on your server where your .htpasswd file is located. If you do not know the full path contact your web host.

Next open the .htpasswd file that we created earlier (nothing in front of the dot). This file will contain the usernames and passwords for accessing the admin control panel.


Add the following code to the htpasswd file...

username:password

Change the username and password to the ones you desire to use. (do not use the same account info that your admin account has otherwise this tutorial is useless)

* Note: do not put your password in regular form, encrypt it at  htaccesstools.com !

Simply add that code on a new line to add another username and password possibility.

Also don't forget to add the following code to the .htaccess file which will protect the htaccess file and htpasswd file itself.

<Files ".htaccess">
order allow,deny
deny from all
</Files>

<Files ".htpasswd">
order allow,deny
deny from all
</Files>

Congratulations you've just added more security to your admin panel. You will only need to login once when the pop up comes up when accessing the acp per browser session.

You will not regret doing this especially if your account is ever hacked, the hacker will only do minor damage like delete forum posts and etc. Remember the admin control panel is like the brain that operates and controls the content of the site, so lets keep its security protection high.

Besides this small security addon it's highly recommended to backup your site every x weeks. Whenever your websites gets more active make backups more frequent, this to prevent data loss!

Written by Brandon, a thanks to webadmin88 for extra information.
| Posted by Brandon on October 16 2008 21:26:27 · 2 Comments · 1183 Reads · Print
Comments
#2snowneo on October 23 2008 11:08:25
Very well written and informative.

Thanks!
#1webadmin88 on October 18 2008 23:33:42
I have to disagree with this tutorial. When inserting the line in the .htpasswd file YOU SHOULD NOT use usernamePuh.assword, but ENCRYPTED password instead. The logic behind this encryption is hard so just use this method here:

http://www.htacce...generator/

Regards
Post Comment
Please Login to Post a Comment.
Ratings
Rating is available to Members only.

Please login or register to vote.
Awesome! Awesome! 33% [1 Vote]
Very Good Very Good 33% [1 Vote]
Good Good 0% [No Votes]
Average Average 0% [No Votes]
Poor Poor 33% [1 Vote]
Login
Username

Password



Not a member yet?
Click here to register.

Forgotten your password?
Request a new one here.
Our Coders
Rizald 'Elyn' Maxwell
Diemux
Donate

Affiliates:
Venue
Shoutbox
You must login to post a message.

chonghua
07/01/2009 03:37
issue solved on thread list..

chonghua
07/01/2009 03:20
error on advanced thread list panel ...

chonghua
07/01/2009 02:28
Thanks diemux! no bugs on my online extend panel?

shustas
06/01/2009 19:10
Oh ye, I forgot it's name. Thanks

Diemux
06/01/2009 19:05
Download here.

shustas
06/01/2009 18:54
where is that infusion for welcome tabs panel like on this site?

Smokeman
06/01/2009 18:43
@Diemux: PM for you.

ytterx
06/01/2009 18:37
just infused doesn't work... rc1 or rc2..

Diemux
06/01/2009 18:36
Done Smile

ytterx
06/01/2009 17:56
@diemux: plz update v7_00-custom-panel
s-control >> http://www.phpfus...p;pid=
3412
Advertiser
One-click Translation
Translate This Site
Render time: 0.25 seconds 482,685 unique visits
Copyright © 2007 PHPFusion-mods.net

Valid XHTML 1.0 Transitional
Powered by PHP-Fusion copyright © 2002 - 2009 by Nick Jones.
Released as free software without warranties under GNU Affero GPL v3.
Running on v7.00.0x PHPFusion-mods.net Special Edition