May 17 2012 11:48:04
Nick Jones | Founder of PHP-Fusion
Navigation
Last Seen Users
J_K_NIELSEN00:24:40
volt12300:52:54
darans00:53:11
Acert01:27:03
michi01:50:33
LukeWarm01:54:35
Dave9202:32:39
KasteR02:36:29
colber02:54:07
rubberdark04:01:08

Members: 25,040
Newest: Dave92
Downloads v7
Currently popular Downloads
FusionBoard 4 6351
Video Gallery 4524
Video Infusion 4019
Photoalbum Mass U... 3499
Professional Down... 3403
Avatar Studio 3338
XHTML mod for mod... 3186
Button panel 2703
60 Animated smileys 2610
VArcade 2.1 2532

Latest Downloads

Code Snippets v1.10 8
Video Infusion Pro 84
Who Is Where 16
Facebook Login/Register 62
Yolks Smiley Pack 56
SWTOR Recruiting Panel 25
NeoBlog Theme 28
Code Snippets 9
FAQ Panel 15
Download Plus Panel 32

Latest 100
Downloads v6
Currently popular Downloads
Banner System v2.0.4 2269
Video Gallery 1560
Extreme Theme Editor 1257
Fuzed Shoutbox 1066
Seoname.php 1016
Icon Package 2.0 879
Extended Profile ... 782
News.php 699
Tabbed welcome panel 646
EXTboard 583

Latest Downloads

Banner System v2.0.4 2269
Last comments 102
Language switcher panel 319
Admin Submission Panel 130
Admin private messag... 253
Google Sitemap Fast 144
ExtBoard 1.2 430
EXTboard 583
v6.01.18 - v6.01.19 74
v6.01.19 FULL 240

Latest 100
Latest Articles
Patch Re-captcha PHP...
A tour through the n...
Protect your Fusion ...
Change your database...
Admin Control Panel ...
How to Secure Your I...
Show Content by Defa...
v7 | Add social book...
v7 | Custom MySQL er...
How To: A PM after r...
v7 | SEO friendly UR...
v7 | SEO friendly UR...
Comments Advanced Vi...
Auto-redirect to the...
A tour through PHP-F...

View all articles
Admin Control Panel Protection

As you already know the admin panel can easily be accessed with an admin or super admin account. Admin and super admin accounts are one of many hacker targets.

I'm going to show you how to add easy but effective protection to your admin control panel using htacess and htpasswd. The nice thing about using htaccess and htpasswd is there are no back doors to retrieving username and passwords unlike php and js.


First create a .htaccess file. Also create a .htpasswd file which we will use later on. Make sure you put both of those files into the administration directory.

Add the following code to the .htaccess file...

AuthName "Admin Control Panel"
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user

NOTE: Change the "/full/path/to/.htpasswd"
to the full path on your server where your .htpasswd file is located. If you do not know the full path contact your web host.

Next open the .htpasswd file that we created earlier (nothing in front of the dot). This file will contain the usernames and passwords for accessing the admin control panel.


Add the following code to the htpasswd file...

username:password

Change the username and password to the ones you desire to use. (do not use the same account info that your admin account has otherwise this tutorial is useless)

* Note: do not put your password in regular form, encrypt it at htaccesstools.com !

Simply add that code on a new line to add another username and password possibility.

Also don't forget to add the following code to the .htaccess file which will protect the htaccess file and htpasswd file itself.

<Files ".htaccess">
order allow,deny
deny from all
</Files>

<Files ".htpasswd">
order allow,deny
deny from all
</Files>

Congratulations you've just added more security to your admin panel. You will only need to login once when the pop up comes up when accessing the acp per browser session.

You will not regret doing this especially if your account is ever hacked, the hacker will only do minor damage like delete forum posts and etc. Remember the admin control panel is like the brain that operates and controls the content of the site, so lets keep its security protection high.

Besides this small security addon it's highly recommended to backup your site every x weeks. Whenever your websites gets more active make backups more frequent, this to prevent data loss!

Written by Brandon, a thanks to webadmin88 for extra information.
| Posted by Brandon on October 16 2008 · 4 Comments · 13995 Reads · Print
Comments
#1webadmin88 on October 18 2008 08:33:42
webadmin88
I have to disagree with this tutorial. When inserting the line in the .htpasswd file YOU SHOULD NOT use usernamePuh.assword, but ENCRYPTED password instead. The logic behind this encryption is hard so just use this method here:

http://www.htacce...generator/

Regards
#2snowneo on October 22 2008 20:08:25
snowneo
Very well written and informative.

Thanks!
#3Stic on July 11 2009 09:00:02
Stic
BIG thanks for guide
#4Stic on July 11 2009 10:02:48
Stic
You can allow known IPs to access the administration directory. Here is how I do it with .htaccess in administration folder:

Order Deny,Allow
Deny from all
allow from YOU IP

Just change YOU IP to your IP. You can find your IP here >> http://www.myip.x..., You can ofcourse add another "allow line" to above code, if you want to use the admin from multiple computers. Smile
Post Comment
Please Login to Post a Comment.
Ratings
Rating is available to Members only.

Please login or register to vote.
Awesome! Awesome! 67% [4 Votes]
Very Good Very Good 17% [1 Vote]
Good Good 0% [No Votes]
Average Average 0% [No Votes]
Poor Poor 17% [1 Vote]
Login
Username

Password



Not a member yet?
Click here to register.

Forgotten your password?
Request a new one here.
Our Coders
Netrix
Smokeman
Elyn @ MrRusty
Diemux
Donate
Shoutbox
You must login to post a message.

quiki
17/05/2012 00:59
spam cleaned up

skpacman
16/05/2012 05:55
I deleted forum posts but I don't have user banning or shoutbox editing permission or I would take care of those too...

Leonardo
15/05/2012 02:33
andredrake , Silvie Spam!! Confused perde

naka
03/05/2012 22:00
El-nino.ugu.pl <---- Fanpage Fernando Torres PL / ENG

abithecat
03/05/2012 21:34
Hi, everybody, it's been a while, since I was here...

Kurda80
01/05/2012 06:13
Bye!hi

valentine
28/04/2012 08:35
tomeck there is one in the downloads here check it out

Leonardo
23/04/2012 07:03
This is the theme of the site joga the theme of perde perde

tomeck
22/04/2012 16:12
Hello, i need facebook login for fusion 7.01.5 can you help me ? Thumb Up!

DJOBARZIQ2
21/04/2012 11:05
How i can disable the right click option in all pages over the site?
Member Poll
Which version of PHP-Fusion are you using?









You must login to vote.
Advertiser
One-click Translation
Translate This Site
Online Stats
Guests online: 5
Members online:
no members online

registered members: 25040
newest member: Dave92
user today: 3658
user online: 5
Max. onlinerecord: 86
Max. per day: 32490
user yesterday: 4992
user month: 137487
Entire users: 3839370
last 24h:
























In memoriam

Nick Jones
1973-2011
Render time: 2.47 seconds - 89 Queries 17,998,720 unique visits
Copyright © 2007 - 2012 PHPFusion-mods.net

Valid XHTML 1.0 Transitional



Powered by PHP-Fusion copyright © 2002 - 2012 by Nick Jones.
Released as free software without warranties under GNU Affero GPL v3.
Running on v7.01.xx PHPFusion-mods.net Special Edition