Htpasswd for admin-plugin?

Muut · February 14, 2017, 10:58am

Is there a way to secure the /admin url with htpasswd?

Since ‘admin’ is not a folder in the file system I can’t drop a .htaccess/.htpasswd file there…

In the documentation there is a description how to rename the /admin slug. Is this the only way to make the admin plugin more secure?

Muut · February 14, 2017, 12:33pm

I have not tried using an apache protected area, but for example you can allow access only from your IP adding in your .htaccess:

<files admin>
    order deny,allow
    deny from all
    allow from your-ip-address
</files>

Muut · February 15, 2017, 9:13am

@flaviocopes
Since my IP changes it’s not a solution for my case.

Would you say changing the ‘admin’ slug is secure enough?

Muut · February 15, 2017, 9:38am

I guess it depends on your slug… At least 8 characters maybe: 1aD-*nY7

Topic		Replies	Views
Security for Admin login? Lock after set number of tries admin	1	828	July 19, 2017
Restrict admin access to defined IP addresses admin	0	505	December 31, 2021
Is there any way to change /admin url? Archive	4	572	November 17, 2015
Prevent unauthorized Grav admin login attempts? Archive	0	569	April 20, 2017
Security question (breakdown?) Archive	2	339	May 20, 2016