Secure your Magento Admin

Changing the URL for your Magento admin isn't really a way to protect your store; security through obscurity isn't security at all. Fortunately, there is a nice simple modification that you can make to your .htaccess file to protect certain URLs from prying eyes.

For a single-store view Magento installation

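############################################
## Secure admin

# Redirect requests for the admin and the downloader to the home page
# unless they come from the allowed IP. Escape the dots and end the
# pattern with $ so that, e.g., 1.2.3.4 does not also match 1.2.3.40.
RewriteCond %{REQUEST_URI} ^/(index\.php/)?admin/ [NC,OR]
RewriteCond %{REQUEST_URI} ^/downloader/ [NC]
RewriteCond %{REMOTE_ADDR} !^my\.ip\.add\.ress$
RewriteRule ^(.*)$ http://%{HTTP_HOST}/ [R=302,L]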

For a Store View in a Subdirectory

If you have Magento installed in a subdirectory, or a store view served as a virtual subdirectory of the main domain name (e.g. https://www.sonassi.com/shop/, https://www.sonassi.com/en/ or https://www.sonassi.com/fr/), use the following instead:

############################################
## Secure admin

# Each store-view prefix needs its trailing slash, otherwise /en/admin/
# is not matched. /downloader/ is covered by the second condition.
RewriteCond %{REQUEST_URI} ^/(shop/|en/|fr/)?(index\.php/)?admin/ [NC,OR]
RewriteCond %{REQUEST_URI} ^/downloader/ [NC]
RewriteCond %{REMOTE_ADDR} !^my\.ip\.add\.ress$
RewriteRule ^(.*)$ http://%{HTTP_HOST}/ [R=302,L]
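
The following added example (not part of the original post) models the three chained conditions in Python and runs a constructed request matrix against a loose and a tight rule set, listing which admin paths stay reachable from other addresses. The IP 203.0.113.4, the test paths and the names `LOOSE`, `TIGHT`, `is_redirected` and `audit` are assumptions made for the illustration.

```python
import re

ADMIN_IP = "203.0.113.4"  # constructed placeholder standing in for my.ip.add.ress

# Loose variant: IP pattern without "$", store-view prefix "en" without its slash.
LOOSE = {"admin": r"^/(downloader|shop/|en|fr/)?(index.php/)?admin/",
         "ip": r"^203.0.113.4"}
# Tight variant: every prefix ends in "/", dots escaped, IP anchored at both ends.
TIGHT = {"admin": r"^/(shop/|en/|fr/)?(index\.php/)?admin/",
         "ip": r"^203\.0\.113\.4$"}
DOWNLOADER = r"^/downloader/"

def is_redirected(rules, uri, remote_addr):
    """(admin URI [NC,OR] downloader URI [NC]) AND NOT allowed IP, as mod_rewrite
    chains the conditions. Assumes Python's re matches these patterns like PCRE."""
    protected = (re.search(rules["admin"], uri, re.I)
                 or re.search(DOWNLOADER, uri, re.I))
    allowed = re.search(rules["ip"], remote_addr)
    return bool(protected) and not allowed

# Constructed test matrix (documentation address ranges, made-up paths).
ADMIN_URIS = ["/admin/", "/index.php/admin/", "/downloader/", "/shop/admin/",
              "/en/admin/", "/fr/index.php/admin/", "/EN/Admin/dashboard"]
PUBLIC_URIS = ["/", "/en/", "/shop/some-product.html"]
OUTSIDE_IPS = ["198.51.100.7", "203.0.113.40", "203.0.113.45"]

def audit(rules):
    """Return findings; an empty list means the rules behave as intended."""
    findings = []
    for uri in ADMIN_URIS:
        for ip in OUTSIDE_IPS:
            if not is_redirected(rules, uri, ip):
                findings.append(f"EXPOSED {uri} to {ip}")
        if is_redirected(rules, uri, ADMIN_IP):
            findings.append(f"LOCKED OUT {ADMIN_IP} from {uri}")
    for uri in PUBLIC_URIS:
        for ip in OUTSIDE_IPS:
            if is_redirected(rules, uri, ip):
                findings.append(f"BLOCKED public page {uri} for {ip}")
    return findings

if __name__ == "__main__":
    for name, rules in (("loose", LOOSE), ("tight", TIGHT)):
        print(name, audit(rules) or "no findings")
```

Extend the matrix with your own store-view prefixes and address before editing the live .htaccess, and re-run it after every change to the rules.
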
  • steve

     RewriteCond %{REMOTE_ADDR} !^my.ip.add.ress
     this should be:
     RewriteCond %{REMOTE_ADDR} !^my.ip.add.ress$

  • bassemwarafi

    Is this supposed to block all IPs except mine?
    My IP is changing all the time according to our ISP; I guess this won't work for me, right?