FateKid
DEVIL DID IT
Admin
Status
offline
Posts
15,024
Likes
133,659
Resources
3,400
Credits
532
LEVEL
11
5,910 XP
If you want to provide an extra layer of protection to
Protecting admin.php
To protect
Code:
The
Then create a corresponding
Protecting the /install directory
To protect the /install directory, create a new
Code:
In this case it is using the same
Protecting test and development installations
The XF license terms state that any test and development installations "must be limited to You and Your website staff".
Again, just place the following at the top of the existing
Code:
Set the user and password as explained above.
With it set at the root, it isn't necessary to set it for
Using IP address based protection instead of passwd
You can also use IP address protection instead of a
Code:
And this for the /install directory:
Replace
Additional allowed IP addresses can be added on a new line.
If you have a static IP address then this approach is fine. If it's dynamic however, you will need to constantly update the file every time it changes.
admin.php
, the /install
directory, and test & development installations, you can do so with .htaccess
authentication.Protecting admin.php
To protect
admin.php
, edit the .htaccess
file which is in your forum root directory (e.g. /community) and add the following to it:Code:
<Files admin.php>
AuthType Basic
AuthName "ACP"
AuthUserFile "path/to/passwd/file"
Require valid-user
</Files>
The
"path/to/passwd/file"
will look something like "/home/my-domain/.htpasswds/public_html/community/passwd"
.Then create a corresponding
passwd
file. This is how to do it using cPanel.- Log in to cPanel
- Click on Password Protect Directories
- Select Web Root
- Click on the forum root folder
- Check Password protect this directory
- Name it as "ACP"
- Click Save
- Create User
- Enter Username
- Enter Password
- Click on Add/modify authorised user
passwd
file will be created in /.htpasswds/public_html/<name_of_your_forum_root_folder>
.Protecting the /install directory
To protect the /install directory, create a new
.htaccess
file in /install
and add the following to it:Code:
AuthType Basic
AuthName "Upgrade System"
AuthUserFile "path/to/passwd/file"
Require valid-user
In this case it is using the same
passwd
file as for the ACP so just repeat the steps above to create a different one.Protecting test and development installations
The XF license terms state that any test and development installations "must be limited to You and Your website staff".
Again, just place the following at the top of the existing
.htaccess
file in the directory where XF is installed.Code:
AuthType Basic
AuthName "Test Installation"
AuthUserFile "path/to/passwd/file"
Require valid-user
Set the user and password as explained above.
With it set at the root, it isn't necessary to set it for
admin.php
and the /install
directory.Using IP address based protection instead of passwd
You can also use IP address protection instead of a
passwd
file. In which case you would just have this in the .htaccess
file for admin.php
:Code:
<Files admin.php>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Files>
And this for the /install directory:
Code:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Replace
127.0.0.1
with your actual IP address. You can find out your IP address here.Additional allowed IP addresses can be added on a new line.
If you have a static IP address then this approach is fine. If it's dynamic however, you will need to constantly update the file every time it changes.