Extra security - .htaccess on login of a concrete5 install
Permalink
Has anyone managed to .htaccess the login page? I have tried putting the .htaccess file in
...concrete/controllers/
and
...concrete/single_pages/
and
...concrete/controllers/dashboard
but to no avail.
Has anyone got a solution? Obviously, it can't affect any of the webpage itself loading but it needs to be able to stop people getting to the c5 login page - extra protection.
If this can't be done yet, is there a way of moving to a /login method instead of index.php/login/?
...concrete/controllers/
and
...concrete/single_pages/
and
...concrete/controllers/dashboard
but to no avail.
Has anyone got a solution? Obviously, it can't affect any of the webpage itself loading but it needs to be able to stop people getting to the c5 login page - extra protection.
If this can't be done yet, is there a way of moving to a /login method instead of index.php/login/?
@Remo
Thanks for the reply. It was just an idea if it could be implemented easy. One more hoop for the hackers to go through as it were.
No matter, I use wordpress as well, that does have the admin area in a directory of it's own, so it is easy to add .htaccess too.
I know concrete5 is a CMS and needs the ability to edit front-facing pages, but this could still take place after a user has logged on to apache auth and c5. As it is not possbile, I will keep things as they are.
Thanks for the reply. It was just an idea if it could be implemented easy. One more hoop for the hackers to go through as it were.
No matter, I use wordpress as well, that does have the admin area in a directory of it's own, so it is easy to add .htaccess too.
I know concrete5 is a CMS and needs the ability to edit front-facing pages, but this could still take place after a user has logged on to apache auth and c5. As it is not possbile, I will keep things as they are.
yeah but the wordpress backend doesn't use wordpress itself.
The concrete5 dashboard has been built using the concrete5 framework... The chicken that lay its own egg basically.
Due to this it forwards backend calls to index.php as well. Wordpress has a completely different architecture where the backend isn't integrated into the site itself. That's totally fine for a software like wordpress, nothing I'd complain about for sure. But Concrete5 with its in-site editing concept is different and therefore can't be protected by a htaccess file in a directory.
You might be able to do some location matches though but I haven't played with that for a while and would have to put some effort into that as well..
The concrete5 dashboard has been built using the concrete5 framework... The chicken that lay its own egg basically.
Due to this it forwards backend calls to index.php as well. Wordpress has a completely different architecture where the backend isn't integrated into the site itself. That's totally fine for a software like wordpress, nothing I'd complain about for sure. But Concrete5 with its in-site editing concept is different and therefore can't be protected by a htaccess file in a directory.
You might be able to do some location matches though but I haven't played with that for a while and would have to put some effort into that as well..
I don't see an easy way to add a second login screen.. But why would you want this? basic auth is less secure than c5 authentication. Just add https to make sure it's encrypted and there's not much more you can do with htaccess