Limiting Access to Admin folder via .htaccess

Some CMSs have an admin folder. It’s an important folder because it holds all the files that deal with administration. If the security of the files in it is compromised, bad things can happen.

One effective way to reduce the risk of a security breach on the Admin folder is to limit the IP addresses that can access it via an .htaccess file. This is for Apache web servers.

Create a new blank document in your favorite text or source code editor. Save that file with the name: .htaccess

1. Find your IP address via this site, What is My IP Address

2. Place the following directives in the .htaccess file:


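AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Admin Access Control"
AuthType Basic
# Deny every request by default, then allow the whitelisted IP.
# No <Limit GET> wrapper: it would restrict only GET (and HEAD) requests
# and leave POST and other methods open to any address.
# On Apache 2.4 these directives are provided by mod_access_compat.
Order deny,allow
Deny from all
# whitelist IP
Allow from xxx.xxx.xxx.xxx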

3. Upload the .htaccess file to the Admin folder. Do not upload it to the root folder, where it would apply to the whole site.

This option is nice and tightens security, but it’s inconvenient if you work from multiple locations with different IP addresses or in a non-static IP environment.
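A quick way to check an .htaccess file for the mistakes that silently weaken this kind of IP restriction, as an added example that is not part of the original post. The function name lint_htaccess, the three checks it performs and the sample address 203.0.113.10 are assumptions made for illustration.

```python
import re
ACCESS_DIRECTIVES = {"order", "deny", "allow", "require"}

def lint_htaccess(text):
    """Return (line_number, message) findings for the body of an .htaccess file."""
    findings = []
    limit_methods = None  # method list of the enclosing <Limit ...>, if any
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opening = re.match(r"<limit\s+([^>]*)>", line, re.IGNORECASE)
        if opening:
            limit_methods = opening.group(1).split()
            continue
        if re.match(r"</limit\s*>", line, re.IGNORECASE):
            limit_methods = None
            continue
        parts = line.split()
        name, args = parts[0].lower(), parts[1:]
        if name in ACCESS_DIRECTIVES and limit_methods is not None:
            findings.append((lineno, f"{parts[0]} is inside <Limit {' '.join(limit_methods)}>; "
                                     "methods it does not cover are unrestricted"))
        if name == "order" and len(args) != 1:
            findings.append((lineno, "Order takes a single argument with no "
                                     "space after the comma, e.g. deny,allow"))
        if re.fullmatch(r"authtype\w+", name):
            findings.append((lineno, "missing space between AuthType and its value"))
    return findings

# Constructed sample containing the three mistakes the linter looks for.
SAMPLE_BAD = """\
AuthTypeBasic
<Limit GET>
order deny, allow
deny from all
allow from 203.0.113.10
</Limit>
"""
# Constructed sample: same policy, applied to every request method.
SAMPLE_GOOD = """\
Order deny,allow
Deny from all
Allow from 203.0.113.10
"""

if __name__ == "__main__":
    for lineno, message in lint_htaccess(SAMPLE_BAD):
        print(f"line {lineno}: {message}")
```
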
