Make your WebsiteBaker admin more secure

Most people will have the admin area of their WebsiteBaker website named the default /admin/.

This means everyone who tries to access www.yourwebsite.com/admin/ will be able to try and login.

WebsiteBaker  does not have any intrusion detection on the admin pages, so any brute-force attack can go on for a long time without you knowing about it, eventually possibly finding the right combination of username and password.

Also great servertools like the configserver firewall will not detect any failed logins on a WebsiteBaker website just because it is just not logged anywhere.

To protect your admin there is a nice tool that will help you in creating a whitelist of IP addresses that can access the admin area of your website.

You can view and download this module for free on the  Dev4me website

WebsiteBaker 2.8.3 SP7

The "secure admin" tool will work on all WebsiteBaker versions, but for WebsiteBaker 2.8.3 SP7 there is a nice extra.

WebsiteBaker version 2.8.3 SP7 will log all PHP errors in a logfile.

Great news, it will not break your website layout if there is a notice or warning that is not critical, and it makes it easy to check for errors.

The bad news is that anyone can see the php errors your website has generated since it was installed (unless you remove your php_error.log by FTP manually).

Secure Admin will also secure your /var folders (where the log is written), so nobody except the administrators with valid IP's can view this logfile.

My advice is: Install Secure Admin and make your WebsiteBaker website a little bit more secure!

 

This article is tagged with:
WebsiteBaker 2.8.3 PHP WebsiteBaker Hacking Security

Related articles

Some unwanted settings after upgrading WebsiteBaker to SP6 or SP7

Upgrading WB to the latest version is always a good idea.. but..

Unfortuntly there are some default settings enabled that could break your website after upgrading from an older revision.

Read the full article

Vulnerability 2.8.3-SP5 and probably prior

A vulnerabity was found in WebsiteBaker version 2.8.3 SP5.
The problem was existing in earlier versions too, so action is required.

Read the full article

Comments on this article - Note: comments will be reviewd by a moderator before publishing!

Add your comment

Your name:
Email address:
Website:
Your comment: