{"id":78,"date":"2011-03-31T13:24:07","date_gmt":"2011-03-31T13:24:07","guid":{"rendered":"http:\/\/pixert.com\/blog\/?p=78"},"modified":"2011-11-10T11:49:30","modified_gmt":"2011-11-10T11:49:30","slug":"limiting-access-to-admin-folder-htaccess","status":"publish","type":"post","link":"https:\/\/pixert.com\/blog\/limiting-access-to-admin-folder-htaccess\/","title":{"rendered":"Limiting Access to Admin folder via .htaccess"},"content":{"rendered":"

\"\"<\/a>Some CMS have admin folder. It’s an important folder because it has all the files that deal with administration. If the security of the files in it is compromised, bad things can happen.<\/p>\n

One effective option to reducing the risk of a security breach on the Admin folder is by limiting the IP addresses that can access it via an htaccess file. This is for Apache Web Servers.<\/p>\n

Creat a new blank documentin your favorite text our source code editor. Save that file with the name : .htaccess<\/p>\n

1. Find your IP address via this site, What is My IP Address<\/a><\/p>\n

2. Place the following directives in .htaccess file<\/p>\n

\r\n\r\nAuthUserFile \/dev\/null\r\nAuthGroupFile \/dev\/null\r\nAuthName "Admin Access Control"\r\nAuthTypeBasic\r\n<LIMIT GET>\r\norder deny, allow\r\ndeny from all\r\n#white list IP\r\nallow from xxx.xxx.xxx.xxx\r\n<\/LIMIT>\r\n\r\n<\/pre>\n
3. Upload .htaccess file to Admin folder. Do not upload it to root folder<\/p>\n
This option is nice and tightens the security, but its’ inconvenient if you work from multiple locations with different IP addresses or non-static IP environment<\/p>\n","protected":false},"excerpt":{"rendered":"
Some CMS have admin folder. It’s an important folder because it has all the files that deal with administration. If the security of the files in it is compromised, bad things can happen. One effective option to reducing the risk of a security breach on the Admin folder is by limiting the IP addresses that […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[40,5],"tags":[49,6,7,44],"class_list":["post-78","post","type-post","status-publish","format-standard","hentry","category-web-apps","category-wordpress","tag-htaccess","tag-wordpress-2","tag-wp","tag-wp-admin"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1pvi1-1g","jetpack-related-posts":[{"id":86,"url":"https:\/\/pixert.com\/blog\/protect-htaccess-file\/","url_meta":{"origin":78,"position":0},"title":"Protect .htaccess file","author":"Pixel Insert \/ Pixert","date":"April 5, 2011","format":false,"excerpt":"When avisitor tries to obtain access to .htaccess file, server automatically generates a 403 forbidden error. However, we can apply an extra layer of security to .htaccess Add the following [text] # Protect the htaccess file  Order Allow,Deny Deny from all <\/Files> [\/text] Note: htaccess file permissions is\u2026","rel":"","context":"In "CentOS"","block_context":{"text":"CentOS","link":"https:\/\/pixert.com\/blog\/category\/centos\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/pixert.com\/blog\/wp-content\/uploads\/2011\/03\/lock-150x150.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":111,"url":"https:\/\/pixert.com\/blog\/how-to-disable-directory-browsing\/","url_meta":{"origin":78,"position":1},"title":"How to disable directory browsing?","author":"Pixel Insert \/ Pixert","date":"June 3, 2011","format":false,"excerpt":"One of the must do on setting a secure Apache webserver is to disable directory browsing. This could prevent the server from showing a listing of the existing files if there's no index in one folder. Disable directory browsing via .htaccess Add in the .htaccess file the following [bash] Options\u2026","rel":"","context":"In "CentOS"","block_context":{"text":"CentOS","link":"https:\/\/pixert.com\/blog\/category\/centos\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/pixert.com\/blog\/wp-content\/uploads\/2011\/03\/feather-small.gif?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":358,"url":"https:\/\/pixert.com\/blog\/increase-file-upload-size-wordpress\/","url_meta":{"origin":78,"position":2},"title":"Increase File Upload Size WordPress","author":"Pixel Insert \/ Pixert","date":"April 17, 2014","format":false,"excerpt":"We see this error when we upload a file that bigger\u00a0than upload limit size , the error look like this \"exceeds the maximum upload size for this site\" The web hosting company may set \u00a0limit to file upload size, fortunately we could workaround this problem and increase file upload size\u2026","rel":"","context":"In "WordPress"","block_context":{"text":"WordPress","link":"https:\/\/pixert.com\/blog\/category\/wordpress\/"},"img":{"alt_text":"fileuploadsize","src":"https:\/\/i0.wp.com\/pixert.com\/blog\/wp-content\/uploads\/2014\/04\/fileuploadsize.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/pixert.com\/blog\/wp-content\/uploads\/2014\/04\/fileuploadsize.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/pixert.com\/blog\/wp-content\/uploads\/2014\/04\/fileuploadsize.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":254,"url":"https:\/\/pixert.com\/blog\/redirect-old-domain-to-new-domain\/","url_meta":{"origin":78,"position":3},"title":"Redirect Old Domain to New Domain","author":"Pixel Insert \/ Pixert","date":"July 14, 2012","format":false,"excerpt":"How to redirect old domain to new domain through .htaccess? You should add this code in .htaccess file Method no 1 [text] Options +FollowSymLinks RewriteEngine on RewriteRule (.*) http:\/\/www.newdomain.com\/$1 [R=301,L] [\/text] Method no 2 [text] Redirect 301 \/ http:\/\/www.newdomain.com\/ [\/text]","rel":"","context":"In "Code Snippet"","block_context":{"text":"Code Snippet","link":"https:\/\/pixert.com\/blog\/category\/code-snippet\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":62,"url":"https:\/\/pixert.com\/blog\/how-to-disable-phpinfo\/","url_meta":{"origin":78,"position":4},"title":"How to disable phpinfo","author":"Pixel Insert \/ Pixert","date":"March 22, 2011","format":false,"excerpt":"The phpinfo() function is a very powerful one, \u00a0you can learn quite a lot about your PHP installation.\u00a0Some server administrators may choose to disable the PHP function phpinfo() for security reasons, because it displays information which can be used to compromise the server that your site is running on. You\u2026","rel":"","context":"In "CentOS"","block_context":{"text":"CentOS","link":"https:\/\/pixert.com\/blog\/category\/centos\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/pixert.com\/blog\/wp-content\/uploads\/2011\/03\/php.gif?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":195,"url":"https:\/\/pixert.com\/blog\/redirect-certain-pages-from-http-to-https-with-htaccess\/","url_meta":{"origin":78,"position":5},"title":"Redirect certain pages from http to https with .htaccess","author":"Pixel Insert \/ Pixert","date":"February 10, 2012","format":false,"excerpt":"The following trick is useful for E-Commerce sites. \u00a0We only need few pages redirected to https to secure transaction This will automatically rewrite the url to https as long as the page is not already an https link. This conditional keeps it from causing a loop. It's very handy to\u2026","rel":"","context":"In "WordPress"","block_context":{"text":"WordPress","link":"https:\/\/pixert.com\/blog\/category\/wordpress\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/pixert.com\/blog\/wp-content\/uploads\/2011\/03\/wordpresslogo-300x68.png?resize=350%2C200","width":350,"height":200},"classes":[]}],"jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/pixert.com\/blog\/wp-json\/wp\/v2\/posts\/78","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pixert.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pixert.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pixert.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pixert.com\/blog\/wp-json\/wp\/v2\/comments?post=78"}],"version-history":[{"count":0,"href":"https:\/\/pixert.com\/blog\/wp-json\/wp\/v2\/posts\/78\/revisions"}],"wp:attachment":[{"href":"https:\/\/pixert.com\/blog\/wp-json\/wp\/v2\/media?parent=78"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pixert.com\/blog\/wp-json\/wp\/v2\/categories?post=78"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pixert.com\/blog\/wp-json\/wp\/v2\/tags?post=78"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}