Timo Huovinen

Reputation: 55643

Most secure way to password protect admin files/folders?

What is the most secure way to password protect admin files/folders?

I'm on Apache/PHP.

Upvotes: 0

Views: 2487

Answers (4)

Nɪsʜᴀɴᴛʜ ॐ

Reputation: 2914

Securing admin folder with HTTP Authentication (.htpasswd & .htaccess)

  1. Navigate to http://aspirine.org/htpasswd_en.html to generate the username and password in an encrypted form.

E.g.:

username: User_name
password: Mypassword

The result will depend on your selected hashing algorithm.

E.g.:

User_name:TX9D66ksKUR0o

Save this in the “.htpasswd” file.

  2. Create the “.htpasswd” file on your web server somewhere other than the /public_html directory, preferably one directory above it in the /home folder. It stores the username and password in an encrypted form for the HTTP authentication.

  3. Add the following code to the .htaccess file inside the /admin folder on your server. Do not forget to put the correct path of the .htpasswd file in the following code snippet:


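    # Prompt for HTTP Basic credentials
    AuthType Basic
    # Realm text shown in the browser's login prompt
    AuthName "Authorisation Required"
    # Path to the .htpasswd file kept outside the web root
    AuthUserFile path-to/.htpasswd/file
    # Allow any user listed in the .htpasswd file
    Require valid-user
    # IP
    # order deny,allow
    # deny from all
    # allow from xxx.xx.xx.xxx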

Upvotes: 0

Atli

Reputation: 7930

An alternative to the htaccess method is to put the files that should be protected outside the web-root - somewhere where a typical HTTP request can't reach them - and have PHP relay them back to the client as needed.

This is useful in situations where you need more control over the process than Apache gives you. Like, say: if you wanted to integrate this with your PHP application's member functionality; allowing members that have already logged in access to the files while denying access to others.

Upvotes: 2
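
The relay approach from the answer above, as an added example that is not part of the original answer: a PHP script that serves a file stored outside the web root only to a logged-in session, and rejects names that resolve outside the protected directory. The directory path, the `file` query parameter and the `user_id` session key are assumptions.

```php
<?php
// download.php: added example; the paths and the session key are assumptions.
declare(strict_types=1);

// Assumed layout: protected files live outside the document root.
const PROTECTED_DIR = '/home/example/protected_files';

/**
 * Resolve a client-supplied name to a real file inside $baseDir.
 * Returns null if the file is missing or the name escapes the directory.
 */
function resolve_protected_path(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "../" and follows symlinks, so the containment
    // check below is made against the final target, not the raw input.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $full;
}

session_start();

// Assumption: the application's login code sets $_SESSION['user_id'] on success.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Forbidden');
}

$name = $_GET['file'] ?? '';
$path = is_string($name) ? resolve_protected_path(PROTECTED_DIR, $name) : null;
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}

// Send as a download so the browser never renders relayed content inline.
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . rawurlencode(basename($path)) . '"');
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```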

user253984

Reputation:

Create a .htaccess and .htpasswd with one of the 10000 .htaccess generators out there and use the htpasswd included in most distros to add users to the .htpasswd.

Upvotes: 0

nikc.org

Reputation: 16983

The most secure way is to keep it off the internet altogether ;-)

But irony aside, I'd suggest using .htaccess. Simple and requires no programming effort from you.

http://www.htpasswdgenerator.com/apache/htaccess.html#8

Upvotes: 6
