Added Security for Joomla etc sites

I help look after a number of websites and as always there are those trying to bring a site down. Doesn't matter what sort of site it is, or who the audience is, someone somewhere will want to crash or damage it.

Joomla and Wordpress sites are very popular and are their formats are well known, especially to those who like to destroy what others have built. I'm not giving too much away if I say that these software packages have administration directories that make the website run as it should.

In the past, I've used a Joomla plugin called JSecure Lite (it was free and it worked) but it is no longer supported/available. There is a chargeable version which costs $50 a year (at time of writing).

The lite version causes an error message to appear at the top of each page now, possibly due to a PHP upgrade issue and it is possible to simply comment out the line at fault, but another option is one that I have used before and keep forgetting about.

Having being reminded about this method this week, I'd like to list it here to share, and as an aide-memoire.

In your admin directory, either create or add the following code to your existing, .htaccess file.

Order Deny,Allow
Deny from all
Allow from xx.xx.xx.xx
Allow from yy.yy.yy.yy

 

Where xx.xx.xx.xx is the IP address of your computer. yy.yy.yy.yy is the same, but for a second computer that you allow to work on your site. Your IP is: 35.175.121.230. Simply substitue these numbers for the xx.xx.xx.xx (or yy.yy.yy.yy). If you don't need a second computer, for example from work, remove the second "Allow from" line. Then save your .htaccess file.

If, like me, your IP changes slightly from time to time, (the last two numbers on mine change randomly) simple use the first two sets of numbers, like this:

Allow from xx.xx

Note there is only one dot used!