how to protect joomla administrator folder?
-
30-04-2021 - |
Domanda
index.php
$admin_cookie_code="1234567890";
setcookie("JoomlaAdminSession",$admin_cookie_code,0,"/");
header("Location: /administrator/index.php");
.htaccess file
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/administrator
RewriteCond %{HTTP_COOKIE} !JoomlaAdminSession=1234567890
RewriteRule .* - [L,F]
i used this code but it's not working... page will be redirect to administrator but www.domain.com/administrator is also accessable
Soluzione
I got tired of searching an answer for this one and just made a PHP code that will redirect if the visitor gets into the /administration folder without the security key or as a registered user:
Just place this code at the end of the index.php file on your administration folder (/administration/index.php) before the 'echo' instruction:
/* Block access to administrator
--------------------------------------------- */
$user =& JFactory::getUser();
$secretkey = 'mysecretkey';
$redirectto = 'location: http://www.mysite.com';
$usertype = 'Registered';
//Check if the user is not logged in or if is not a super user:
if ($user->guest || (!$user->guest && $user->usertype != $usertype) ) {
//Check if the secret key is present on the url:
if (@$_GET['access'] != $secretkey) { header($redirectto); }
}
/* --------------------------------------------- */
After you will be only able of accessing your site using: www.mysite.com/administrator/?access=mysecretkey
Tested on Joomla 1.5 and Jooma 2.5, worked well for both.
I explain it a little bit more on my page: http://developer.infoymas.com/jooma/protect-your-joomla-administrator-folder/
Altri suggerimenti
Are you trying to hide the administrator URL ? Here is what I'm using : http://extensions.joomla.org/extensions/access-a-security/site-security/login-protection/15711
You can find more extensions here : http://extensions.joomla.org/extensions/access-a-security/site-security/login-protection
http://extensions.joomla.org/extensions/access-a-security/site-security/login-protection
you can use this protect your admin login. this is really esay and nice extension.