Home

Your premium source for custom modification services for phpBB

  logo

HomeForumsBlogMOD ManagerFAQSearch Log in

The phpBB Doctor is currently available for private clients only. At this time we are not accepting any new work until we can clear out our current backlog. Thank you for your patience.

 

[How To] Protect your Admin Folder with .htaccess (Apache)


 
Register or Login to Post    ForumsPrescriptions
View previous topic :: View next topic  
Author Message
phpbbDoctor
Site Admin


Joined: 12 Apr 2005

Posts: 269

None Selected

Post Subject: [How To] Protect your Admin Folder with .htaccess (Apache)
Sat Apr 30, 2005 12:08 am

On many hosts one of the easiest things to do to protect your board is set up an additional layer of password for your admin folder. Apache provides a mechanism implemented via text files named .htaccess that makes it extremely simple to do. And if your host uses CPanel (or some other equivalent) then you may be able to do this right from the comfort of a nice interface. Cool

Here's how we protected the admin folder at the phpBB Doctor site. First, log on to CPanel and find the following icon:


Selecting that icon will take you to a directory listing. Here's a sample from our server, showing the Admin folder with a lock icon already. That lock icon will not be present if you are just getting started.


Once you have selected the appropriate folder, the next screen that comes up allows you to enter the security information.

The screen shot above shows that we have checked the box to activate the protection, which is good. Even better is that we've created a username that has access to that folder! Smile Without this step you've locked the door without first creating a key. Don't worry, you can still come back via CPanel and create a username later on.

There is a text box (not circled) where you can type in some text that will be displayed on the password prompt box. In our case, we've entered Authentication Required. This doesn't do anything except appear as text on the login box.

The last thing to do is create a username and password. The screen shows that a username Admin has been given access to this folder. By the way, this is just a sample... the real username is, of course, much harder to guess.

Once the username and password have been configured via CPanel, it's time to test. Log in to your board as the site administrator and click the admin link. If everything was done correctly, you'll see something like this:



The text you entered is displayed at the top of the dialog box, and you are required to enter a valid username and password before you can use any resources from that folder. This process sets a cookie that is valid as long as your browser window stays open, so you can go in and out of your admin panel as often as you like. Close the browser window and your session is gone.

User Names and Passwords
This is a very simple way to protect your admin panel. It will, however, fail to serve any purpose if you simply use the same username and password that you use on your board. For the truly paranoid, you should have different usernames and different passwords for your server login, your database account, your phpBB site administrator, and your .htaccess information. Yes, it is a pain to manage all of those accounts. But each different account provides one more roadblock to a would-be hacker that wants to terminate your board. Cool
Back to top
Display posts from previous:   
Register or Login to Post    ForumsPrescriptions
Page 1 of 1 All times are GMT - 5 Hours

 
Jump to:  

HomeForumsMOD ManagerFAQSearch Register Log in
Not endorsed by or affiliated with the phpBB Group
Powered by phpBB © phpBB Group
Terms of Service
Web design by MomentsOfLight.com logo