Secure admin panel¶
You should always secure the admin panel. The administrator panel contains a lot of sensitive information. It sometimes has some security lacks (for example, it does not have a captcha for login, and it can lead to easy brute-force attacks), not as good as on the customer area of your website.
Use secure and random admin panel URL¶
- Do not use predictive URLs like
admin
,secure-admin.php
; these names exist in many wordlists. - Use secure names that look like strong passwords
54NN9jLPxoMCjtyWyPQt.php
; I have generated this random string on the free password generator tool1 and have added.php
extension.
Note
Use SSH/SFTP access to rename admin panel
Protect admin panel with extra security¶
Create extra security layers like
- Restrict access to the admin panel by "Basic access authentication" as PHPMyAdmin and Adminer"
- Restictions by IP (allow listing) for your office. But this way has also had security lack like "what will happen if an attacker comes into your office?"
- Use CS-Cart addon Access restrictions on your website
Read our article "How to make your CS-Cart or Multi-Vendor project more secure" to know hot-to handle other security gaps.
Hint
If you have a problem, need assistance with tweaks or a free consultation, if you just want to discuss your project with experts and estimate the outcome, if you're looking for a solution that reinforces your online business, we will help. Let us know through Scalesta account or email.