1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. If you want premium products then purchase our VIP or SVIP plans
  3. Dont forget read our rules HERE Also anyone caught Leeching this content or Scamming will be banned on numerous networks.
    Dismiss Notice
  4. Dont forget we do not allow Multiple Accounts, so all of your accounts as well as your IP will be banned.
    Dismiss Notice
  5. Tired of Download Limits ? UPGRADE Today!
    Dismiss Notice

FREE [1.5.x] Tutorial Protecting admin.php and the install directory using .htaccess

Discussion in 'Xenforo Template Mods & Extras' started by Bastty, Sep 15, 2016.

Tags:
  1. Bastty

    Bastty Banned BANNED

    Likes Received:
    6
    Trophy Points:
    3
    Compatible XF Versions:
    • 1.0
    • 1.1
    • 1.2
    • 1.3
    • 1.4
    • 1.5
    If you want to provide an extra layer of protection to admin.php and the /installdirectory, you can do so with .htaccess.

    Protecting admin.php
    To protect admin.php, edit the .htaccess file which is in your forum root directory (e.g. /community) and add the following to it:
    Code:
    <Files admin.php>
    AuthType Basic
    AuthName "ACP"
    AuthUserFile "path/to/passwd/file"
    Require valid-user
    </Files>
    The "path/to/passwd/file" will look something like "/home/my-domain/.htpasswds/public_html/community/passwd".

    Then create a corresponding passwd file. This is how to do it using cPanel.
    1. Log in to cPanel
    2. Click on Password Protect Directories
    3. Select Web Root
    4. Click on the forum root folder
    5. Check Password protect this directory
    6. Name it as "ACP"
    7. Click Save
    1. Create User
    2. Enter Username
    3. Enter Password
    4. Click on Add/modify authorised user
    A passwd file will be created in /.htpasswds/public_html/<name_of_your_forum_root_folder>


    Protecting the /install directory
    To protect the /install directory, create a new .htaccess file in /install and add the following to it:
    Code:
    AuthType Basic
    AuthName "Upgrade System"
    AuthUserFile "path/to/passwd/file"
    Require valid-user
    In this case it is using the same passwd file as for the ACP so just repeat the steps above to create a different one.


    Using IP address based protection instead of passwd
    You can also use IP address protection instead of a passwd file. In which case you would just have this in the .htaccess file for admin.php:
    Code:
    <Files admin.php>
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    </Files>
    And this for the /install directory:
    Code:
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Replace 127.0.0.1 with your actual IP address. You can find out your IP address here.
    Additional allowed IP addresses can be added on a new line.

    If you have a static IP address then this approach is fine. If it's dynamic however, you will need to constantly update the file every time it changes.
    Or you can just add the first 2 blocks like so: Allow from 127.0...
     
    coeur51 likes this.

Share This Page