xenForo - Protect admin.php link with a password

Discussion in 'Web Development' started by RLZ, Dec 7, 2016.

Tags:
  1. RLZ

    RLZ C Sharp Programmer

    213
    274
    248
    Credits:
    1,695
    Hello,

    Here is how to secure the admin.php link with htpasswd which requires a login and password.

    First, go here Please login or register to view links or downloads! - Create an htpasswd password

    This site believes you htpasswd

    Let's take for example:

    - Log in: admin
    - Password: admin
    19cdf10888b4b9d88a502aa0f7b3ac67.png

    Here is the result:
    64e07b1fbfd6eae39e0136da6de8d036.png

    On your FTP to the root create a new .htpasswd file named

    Inside put the result of the place.

    Add this to your .htaccess

    <Admin.php files>
    AuthType Basic
    AuthName "XenForo Panel"
    AuthUserFile "/ home / the FTP / www user or public_html / .htpasswd"
    Require user valid
    </ Archives>
     
    CabCon and iHax_dani like this.
  2. iHax_dani

    iHax_dani New Member

    12
    1
    3
    Credits:
    24
    Nice job ☺
     
  3. Tusta

    Tusta Head Member Donator

    20
    11
    14
    Credits:
    3,242
    nice Post :smile:
     
  4. RLZ

    RLZ C Sharp Programmer

    213
    274
    248
    Credits:
    1,695
    thanks m8
     
    iHax_dani likes this.
  5. RLZ

    RLZ C Sharp Programmer

    213
    274
    248
    Credits:
    1,695
    thanks!
     
    iHax_dani likes this.
  6. CabCon

    CabCon Head Administrator Staff Member Head Staff Team

    4,068
    2,642
    403
    Credits:
    188,706
    Good tutorial, that's how we protect our admin panel :y:! :smile: + an IP protection.
     
    iHax_dani and Tusta like this.
  7. RLZ

    RLZ C Sharp Programmer

    213
    274
    248
    Credits:
    1,695
    Thanks Mr.CabCon!
     
    iHax_dani, Tusta and CabCon like this.
  8. SeriousHD-

    SeriousHD- Guest

    Credits:
    0
    I would not recommend using this actually. His method is outdated and very unsecure. Message me for the full explanation, but this would make the security virtually useless. Just a heads up, as that could be a tip in the wrong direction.
     
  9. SeriousHD-

    SeriousHD- Guest

    Credits:
    0
    This is a very bad way to secure your site. I would flag this for removal, but it doesnt technically break rules. Long story short, using MD5 for your hash with 0 salt (or hell even with salt) can be enough to have an entire database compromised in a few hours.
     
  10. CabCon

    CabCon Head Administrator Staff Member Head Staff Team

    4,068
    2,642
    403
    Credits:
    188,706
    Yes, that's the reason why we are also using a IP protection. :smile:
     
    DF_AUS and RLZ like this.
  11. SeriousHD-

    SeriousHD- Guest

    Credits:
    0
    Well even through the IP Protection... I can resolve your IP address still, and I can request resources as well. If you are using anything less than SHA256 (which is also questionable) your databases are insecure.
     

Share This Page