
Additional Protection With htaccess/htpasswd


6 hours ago, mhsuffolk said:

IMO securing the admin folder is more secure than the htaccess/htpasswd security layer method.

Eh? You're talking about the same thing!

Anyway, there are up to four layers of protection to keep bad guys out of your shop administration:

  1. Using SSL so they can't "snoop" on the admin traffic. The whole site should be under SSL (https) these days, so that's a moot point.
  2. Administrator ID and password -- not easily guessable, right?
  3. Unguessable admin directory name. The first thing every hacker tries is to get into your <domain>/admin area, so changing admin to something weird is good.
  4. Server "password protection" on admin and everything under it. This means having to "log in" a second time to get in. Of course, the ID and password you use are different from the Administrator ID and password, right?

Number 4 is the issue at hand. You are much better off using your control panel's "password protect a directory" function than trying to install the files supplied with osCommerce. The former is guaranteed to work and is easy to install, while the latter is iffy and difficult to install. The only downside to using your control panel function is that osC's security check may not recognize that you did it, and report that there is no password protection, when there is. If you have to give two separate logins to get to your admin functions, it's working.

Many sites choose not to do #4. It's less secure, but that's up to your comfort level.

If you are running the "official" osC 2.3.4 or download, your installation is obsolete! Get (stable) Frozen or (unstable) Edge. See also the naming convention and the latest community-supported responsive "Edge" release

On 3/23/2018 at 10:01 PM, videosilva said:

Nobody is able to decipher this one? I cannot be the only one with this problem?

A stickied thread on etiquette might be in order. The concept is to ask a clear question and be respectful and thankful for every answer you receive.

The water in a vessel is sparkling; the water in the sea is dark. The small truth has words which are clear; the great truth has great silence.

- Rabindranath Tagore


(While the OP has not been here for quite a while, for anyone else following this thread ... )

As @MrPhil mentioned, if you use your cPanel (or whatever tool is available to you) to password protect the Admin directory, please be aware that the Security Check in Admin most likely will not know about it, and will continue to tell you that you should/need to password protect it through the Admin screen. Just ignore this.



If you are running the "official" osC 2.3.4 or download, your installation is obsolete! Get the latest community-supported responsive "Frozen" release here
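
Added example, not part of the original posts and not osCommerce code: since the Security Check may not see a password set through the control panel, this checks layer 4 from the outside by looking at how the server answers an unauthenticated request for your own admin URL. It assumes the server layer replies 401 with a `WWW-Authenticate` header; the function names, the `shop.example` URLs and the `login.php` redirect in the sample responses are constructed for illustration.

```python
import urllib.error
import urllib.request


def classify(status, headers):
    """Say which layer answered an unauthenticated request for the admin URL."""
    h = {k.lower(): v for k, v in headers.items()}
    scheme = h.get("www-authenticate", "").split(" ", 1)[0].lower()
    if status == 401 and scheme in ("basic", "digest"):
        return "server-auth"             # layer 4 stopped the request first
    if status == 200 or status in (301, 302, 303, 307, 308):
        return "no-server-auth"          # only the application login stands guard
    if status in (403, 404):
        return "not-found-or-forbidden"  # wrong path, or access denied outright
    return "unknown"                     # e.g. a 401 without a challenge header


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Report redirects instead of following them to the login page."""
    def redirect_request(self, *args, **kwargs):
        return None


def probe(url):
    """Request your own admin URL without credentials and classify the reply."""
    if not url.lower().startswith("https://"):
        raise ValueError("probe the https:// URL (layer 1 in the list above)")
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return classify(resp.status, dict(resp.headers.items()))
    except urllib.error.HTTPError as err:  # 3xx/4xx replies arrive here
        return classify(err.code, dict(err.headers.items()))


# Constructed sample responses (not captured from a real shop).
SAMPLES = [
    (401, {"WWW-Authenticate": 'Basic realm="Restricted"'}),
    (302, {"Location": "https://shop.example/weird-admin/login.php"}),
    (200, {"Content-Type": "text/html"}),
    (401, {}),
]

if __name__ == "__main__":
    for status, headers in SAMPLES:
        print(status, "->", classify(status, headers))
```

Run `probe()` against your own renamed admin URL; anything other than `server-auth` means the second login is not being enforced by the server.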

