Thursday, May 14, 2009

Restricting admin login by remote IP

Zen Cart is a powerful open source e-commerce application. Like any publicly available web application that holds sensitive information, Zen Cart requires that you pay close attention to its data integrity and security.
Besides encryption and the use of strong passwords, users are advised to rename the admin folder, making it harder for an outside user to find the administrative interface where sensitive data can be displayed.
Another level of security can be achieved by restricting login access by IP address.
Note: if you host Zen Cart on a remote server and access the Internet with a dynamic IP address, the following solution will not work. The solution will work if you either access admin from your local area network or always access the Internet from the same IP address (i.e. you have a static IP).

How to restrict access to Zen Cart's admin area by IP address:

1. Find your static public IP address. For illustration purposes I am going to use the loopback IP (127.0.0.1) in my example;
2. Open the following file: .../admin/login.php
3. Add the following code before the line "if ($message == false) {":

    // Refuse the login unless the request comes from the allowed address.
    // REMOTE_ADDR is the address of the client that connected to the web server.
    if ($_SERVER['REMOTE_ADDR'] != "127.0.0.1") {
        $message = true;                    // flag an error so the login is rejected
        $pass_message = ERROR_WRONG_LOGIN;  // show the standard wrong-login message
    }

After uploading the modified file, the application will refuse admin login to every request that does not come from that IP address.
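The snippet above compares against a single address. As an added example (not Zen Cart's own code, and not from the original post), the following PHP generalises the same check to an allow-list of several addresses and CIDR ranges, and logs refused attempts so they are visible in the web server's error log. The function names, the ADMIN_ALLOWED_SOURCES constant and the sample addresses are assumptions chosen for illustration; ERROR_WRONG_LOGIN and $message/$pass_message are the Zen Cart names used in the post. PHP 7 or later is assumed.

```php
<?php
// Added example, not Zen Cart's own code: allow-list check for admin/login.php.
// Constructed allow-list: the loopback address from the post plus a private
// LAN range. Replace these with your own static address(es).
const ADMIN_ALLOWED_SOURCES = [
    '127.0.0.1',
    '192.168.1.0/24',
];

/**
 * Return true if $ip (an IPv4 dotted quad) lies inside $cidr, which may be
 * a bare address ("a.b.c.d") or a range ("a.b.c.d/prefix").
 */
function ipv4_in_cidr(string $ip, string $cidr): bool
{
    $parts  = explode('/', $cidr, 2);
    $net    = $parts[0];
    $prefix = isset($parts[1]) ? (int) $parts[1] : 32;

    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    // Malformed input never matches; an unparsable address must not be let through.
    if ($ipLong === false || $netLong === false || $prefix < 0 || $prefix > 32) {
        return false;
    }
    // Network mask with $prefix leading one-bits (a /0 prefix matches everything).
    $mask = $prefix === 0 ? 0 : ((~0 << (32 - $prefix)) & 0xFFFFFFFF);
    return (($ipLong & $mask) === ($netLong & $mask));
}

/** Return true if $remoteAddr matches any entry of the allow-list. */
function admin_source_allowed(string $remoteAddr, array $allowed): bool
{
    foreach ($allowed as $entry) {
        if (ipv4_in_cidr($remoteAddr, $entry)) {
            return true;
        }
    }
    return false;
}

// Placed in admin/login.php before "if ($message == false) {", as in the post.
// REMOTE_ADDR is the address of the TCP peer that connected to this web server.
$remote = $_SERVER['REMOTE_ADDR'] ?? '';
if (!admin_source_allowed($remote, ADMIN_ALLOWED_SOURCES)) {
    // Record the refused source so repeated attempts show up in the logs.
    error_log('Zen Cart admin login refused for source ' . $remote);
    $message      = true;
    $pass_message = ERROR_WRONG_LOGIN;
}
```

Two points worth checking before relying on this. First, $_SERVER['REMOTE_ADDR'] is the address of whatever opened the TCP connection to the web server; if the shop sits behind a reverse proxy or load balancer, that is the proxy's address and the allow-list has to be enforced at the proxy instead. Headers such as X-Forwarded-For are not a substitute here, because the client controls their contents. Second, the check only covers the login script, so keep the session checks that Zen Cart already performs on the other admin pages in place.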
