Most people will leave the admin area of their WebsiteBaker website at the default /admin/.
This means everyone who visits www.yourwebsite.com/admin/ can attempt to log in.
WebsiteBaker does not have any intrusion detection on the admin pages, so a brute-force attack can go on for a long time without you knowing about it, and may eventually find the right combination of username and password.
Great server tools such as the ConfigServer firewall will not detect failed logins on a WebsiteBaker website either, simply because they are not logged anywhere.
To protect your admin there is a nice tool that will help you in creating a whitelist of IP addresses that can access the admin area of your website.
You can view and download this module for free on the Dev4me website.
The "secure admin" tool will work on all WebsiteBaker versions, but for WebsiteBaker 2.8.3 SP7 there is a nice extra.
WebsiteBaker version 2.8.3 SP7 will log all PHP errors in a logfile.
The great news is that a non-critical notice or warning will not break your website layout, and the log makes it easy to check for errors.
The bad news is that anyone can see the PHP errors your website has generated since it was installed (unless you manually remove your php_error.log by FTP).
Secure Admin will also secure your /var folders (where the log is written), so nobody except administrators with valid IP addresses can view this logfile.
My advice is: Install Secure Admin and make your WebsiteBaker website a little bit more secure!
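The allowlist idea described above, as an added example that is not Secure Admin's own code: a PHP check that lets public pages through and admits requests under /admin/ and /var/ only from listed addresses or CIDR ranges. The function names, the allowlist entries (documentation address ranges) and the sample requests are constructed for illustration.

```php
<?php
// Added example; not Secure Admin's code. Addresses are constructed
// documentation ranges (RFC 5737 / RFC 3849), names are hypothetical.
const ALLOWLIST = ['203.0.113.10', '198.51.100.0/24', '2001:db8:1::/48'];
const PROTECTED_PREFIXES = ['/admin/', '/var/'];

/** True when $ip is inside $entry (single address or CIDR, IPv4 or IPv6). */
function ipMatches(string $ip, string $entry): bool
{
    [$net, $bits] = array_pad(explode('/', $entry, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable address or IPv4/IPv6 mismatch
    }
    $max = strlen($ipBin) * 8;
    if ($bits !== null && (!ctype_digit($bits) || (int) $bits > $max)) {
        return false; // malformed prefix length: fail closed
    }
    $bits  = $bits === null ? $max : (int) $bits;
    $bytes = intdiv($bits, 8);
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false;
    }
    $rest = $bits % 8;
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF; // leading bits of the partial byte
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

/** Public paths pass; protected paths require an allowlisted address. */
function isRequestAllowed(string $path, string $ip): bool
{
    foreach (PROTECTED_PREFIXES as $prefix) {
        if (strncasecmp($path, $prefix, strlen($prefix)) === 0) {
            foreach (ALLOWLIST as $entry) {
                if (ipMatches($ip, $entry)) {
                    return true;
                }
            }
            return false; // protected path, address not listed
        }
    }
    return true;
}

// Constructed sample requests: listed address, unlisted address, public page.
foreach ([['/admin/', '198.51.100.77'], ['/var/php_error.log', '192.0.2.5'], ['/', '192.0.2.5']] as [$p, $ip]) {
    printf("%-20s %-15s %s\n", $p, $ip, isRequestAllowed($p, $ip) ? 'allow' : 'deny (403)');
}
```

A check like this only covers requests that reach PHP, so a static file such as the log under /var/ also needs a matching web-server rule. Behind a reverse proxy, the address to test is the client address the proxy reports, not the proxy's own.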
Upgrading WB to the latest version is always a good idea... but...
Unfortunately there are some default settings enabled that could break your website after upgrading from an older revision.
A vulnerability was found in WebsiteBaker version 2.8.3 SP5.
The problem existed in earlier versions too, so action is required.