Restrict admin access to your IP addresses

This article is written with OpenCart in mind. It is perfectly valid for other platforms as well, including Magento, WordPress, PrestaShop and Joomla.

A quick and powerful security tip on your admin panel - secure it to be accessible to certain IP addresses only. This would ideally be you, and your other site administrators. In the next steps, I will explain how while keeping it simple.

STEP 1 - Check your public IP address

First step is to find your public IP address you would want to later whitelist in your admin folder. You can do this here, here or here.

STEP 2 - Put an .htaccess file

The objective here is to go to your admin folder on your server and to restrict the access to your admin panel to certain IP addresses only.

Connect to your server, where your site files are, using FTP client of your choice (like FileZilla). You will need the FTP credentials for your site in order to connect. If you are not sure how to find them, ask your hosting provider.

Once connected, navigate to your admin folder and create a new file there with name .htaccess. If such file exists already, simply open it for edit. Add the following code to this .htaccess file, by replacing 1.2.3.4 from the code below with your IP address (which you got from Step 1). You can allow multiple IP addresses by adding new Allow from lines with the other IPs. 

Order deny,allow
Deny from all
Allow from 1.2.3.4

Then save, and upload the file.

STEP 3 - Give it a try

Now, open your web browser and navigate to your admin panel. You should be seeing it the same way as before, without any issues. Now go back to Step 2 and change the allowed IP address to different than yours, and try again to reach the admin panel URL. Your access should be denied. You have tested it and it is working. Good job! Revert it back to your IP, and enjoy your new protection.

Join 11,000+ subscribers receiving actionable E-commerce advice

* Unsubscribe any time
comments powered by Disqus