How to Protect Your Joomla Administration Section with .htaccess

If your website runs on Joomla, others can recognise that it is running on the Joomla content management system. On every Joomla website the administrator login page can be reached at http://<your-website-address>/administrator, so anyone can try different user names and passwords, and a malicious attacker can even attempt to break into the administration section.

There are many methods to mitigate this risk; one is protecting the administrator directory with '.htaccess'. Here I explain how to protect your Joomla administrator section with .htaccess.

Go to the "administrator" directory inside your Joomla installation directory. Create a file named .htaccess, open it in a text editor and add the following content to it.

# Deny everyone except the listed IP address (replace it with your own)
Order deny,allow
Deny from all
Allow from 245.23.12.128
# Prevent the .htaccess file itself from being served
<Files .htaccess>
order allow,deny
deny from all
</Files>

In the above, change the IP address to your own IP address. (The second section prevents the .htaccess file itself from being viewed if directory listing is enabled.) Save and close. Now, if anybody tries to access the administrator section from any other IP address, they will get an HTTP 403 Forbidden error. If you have a static IP address from your internet service provider, this method will work fine.

But if you do not have a static IP address, or you are using a dial-up connection, then you first need to find out your public IP address. Go to google.com and type "What is my IP address"; Google will display your public IP address. See below.

[Screenshot: Public IP Address]

Copy and paste this IP address into the .htaccess file, and you, and nobody else, will be able to access the administrator section. A disadvantage of this approach is that your IP address changes every time you connect to the internet, so each time you have to change the IP address in your .htaccess file.

Note: This method works only if .htaccess files are enabled on your Apache web server (the AllowOverride directive controls this); see the Apache docs to find out how to enable them. Order, Deny and Allow are the Apache 2.2 access-control directives; on Apache 2.4 they are only available through mod_access_compat, and the native equivalent is Require ip followed by the address or range.

Instead of specifying a single IP, you can specify multiple IP addresses or a range of IP addresses as follows.

Allow from 12.13.14.15
Allow from 34.23.45.6
Allow from 34.35.21.22

Allow from 12.   (This will allow all IP addresses from 12.0.0.0 to 12.255.255.255)

You can also change Order deny,allow to Order allow,deny to change which of the Allow and Deny directives takes priority.

You can also use CIDR notation for precise control over the network range.

Allow from 234.0.0.0/8

For more information on CIDR, please visit http://25yearsofprogramming.com/blog/20070803.htm
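To check which client addresses a given administrator/.htaccess lets through before you deploy it, the following small emulator applies the Order/Deny/Allow evaluation rules to a client address. This is an added example, not part of the original post; the .htaccess text and the client addresses are constructed samples, and the trailing-dot prefix form ("12.") is supported because the post writes it that way.

```python
import ipaddress

# Constructed sample: the post's administrator/.htaccess plus its range and CIDR forms.
ADMIN_HTACCESS = """\
Order deny,allow
Deny from all
Allow from 245.23.12.128
Allow from 12.
Allow from 234.0.0.0/8
<Files .htaccess>
order allow,deny
deny from all
</Files>
"""

def _matches(rule, ip):
    """One Allow/Deny argument: 'all', CIDR (234.0.0.0/8), a partial address on an
    octet boundary ('12' or, as the post writes it, '12.'), or a full address."""
    if rule.lower() == "all":
        return True
    if "/" in rule:
        return ip in ipaddress.ip_network(rule, strict=False)
    prefix = rule.rstrip(".").split(".")
    if len(prefix) < 4:
        return str(ip).split(".")[:len(prefix)] == prefix
    return ip == ipaddress.ip_address(rule)

def is_allowed(htaccess, client_ip):
    """Emulate Order/Deny/Allow (mod_access_compat) for one client: deny,allow defaults
    to allow and an Allow match wins; allow,deny defaults to deny and a Deny match wins."""
    ip = ipaddress.ip_address(client_ip)
    order, allowed, denied, in_files = "deny,allow", False, False, False
    for raw in htaccess.splitlines():
        line, low = raw.strip(), raw.strip().lower()
        if low.startswith("<files"):      # <Files> rules cover those files, not the
            in_files = True               # directory itself, so they are skipped here
        elif low.startswith("</files"):
            in_files = False
        elif in_files:
            continue
        elif low.startswith("order "):
            order = "".join(low.split()[1:])  # tolerate "deny, allow" spacing
        elif low.startswith("allow from "):
            allowed |= any(_matches(r, ip) for r in line.split()[2:])
        elif low.startswith("deny from "):
            denied |= any(_matches(r, ip) for r in line.split()[2:])
    if order not in ("deny,allow", "allow,deny"):
        raise ValueError("unsupported Order: " + order)
    return (allowed or not denied) if order == "deny,allow" else (allowed and not denied)
```

Running is_allowed(ADMIN_HTACCESS, "8.8.8.8") returns False (the 403 case), while the listed address and anything in 12.x.x.x or 234.0.0.0/8 returns True.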
