How to protect the admin panel of my website?
Protect WordPress wp-admin | Joomla administrator | OpenCart admin etc
If you have a website or eshop built on WordPress, Joomla, OpenCart or some other application, then it is almost certain that there is an administration panel through which you manage your website.
In open source software such as the above-mentioned applications, the admin panel usually opens through a specific address, so basically everyone knows it.
For example, in a WordPress site the admin panel opens by adding /wp-admin at the end of the domain, in Joomla: /administrator, in OpenCart: /admin etc. Because these addresses are the default ones and grant full access to the website to anyone who can log in, they are a target for hackers whose goal is to take over the website.
What should I do to protect my data?
- First, you need to set a strong password for the administrator account of your software. The more complex the password, the more secure it is. Then, you can change the username to something other than the common admin or administrator.
- It is preferable not to keep your passwords saved in the browser, as they can be leaked through the browser, and if the computer is infected, such a leak becomes a lot easier. You should also do the same for the browsers on your other devices, such as smartphones, tablets, etc.
How to secure the admin panel
The general method is to restrict access to the login form of your website's admin panel. This can be done in at least two ways.
The first one is to protect the folder in which the login form is located with an additional password. For example, the wp-admin address of WordPress represents a real folder named wp-admin, which is also accessible through your cPanel File Manager. The same applies to the /administrator of Joomla and the /admin of OpenCart, which are also real folders in the file system of your application. In order to deter someone from taking advantage of this feature (the existence of a real folder linked to the actual address), you can protect this folder (Password Protected Directory) with its own password through the cPanel account of your hosting package. This password is different from the password of the admin panel of your website and does not affect how the admin panel works.
You can find the relevant instructions in the following article: "Protect the administrator directory using a password", which concerns Joomla CMS. The exact same procedure applies to any other CMS, by working with the corresponding directory that you want to protect.
Our second suggestion is to limit access to the admin panel to specific IP addresses. If you have a static IP, this option is probably the best, as you won't need to constantly update the .htaccess file each time your network IP changes. With this restriction, if you try to access the admin panel from an IP address that has been pre-defined, you can; from any other address it is not accessible and the user receives the message "Access Denied".
To set the IP addresses that will have access to the admin panel, open the .htaccess file in the directory that you want to protect and enter the following lines. If there is no .htaccess file in this folder, you can create a new one.
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
You have to replace xxx.xxx.xxx.xxx with the IP address of your network, which can be found at: https://www.ip.gr/ip
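The lines above use the Apache 2.2 syntax, which on Apache 2.4 works only when mod_access_compat is loaded. The following is an added example, not part of the original article, of the same restriction written so that it works on both versions; the addresses 203.0.113.10 and 2001:db8::/32 are documentation placeholders, and the admin-ajax.php exception is a WordPress-only assumption for sites whose public pages call that file.

```apache
# Added example for wp-admin/.htaccess
# (Joomla: administrator/.htaccess, OpenCart: admin/.htaccess).
# 203.0.113.10 and 2001:db8::/32 are placeholders: use your own address(es).

# Apache 2.4 and later: mod_authz_core exists, so use "Require".
<IfModule mod_authz_core.c>
    # Several "Require ip" lines are alternatives: any one match is enough.
    Require ip 203.0.113.10
    # Optional: a whole IPv6 prefix, if your provider assigns you one.
    # Require ip 2001:db8::/32

    # WordPress only: themes and plugins call this file from public pages,
    # so it has to stay reachable for every visitor.
    <Files "admin-ajax.php">
        Require all granted
    </Files>
</IfModule>

# Apache 2.2: mod_authz_core does not exist, so use the older syntax.
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10

    # WordPress only: same exception as above, in the older syntax.
    <Files "admin-ajax.php">
        Order allow,deny
        Allow from all
    </Files>
</IfModule>
```

After saving the file, open the admin address from a connection that is not on the list (for example mobile data) and confirm that you get the "Access Denied" response, then confirm that it still opens from your own network.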