Secure /admin path
On a default Magento installation this URL is the login page of the admin panel, so every scanner and brute-force tool knows where to look. Change the path to something hard to guess in your Magento system configuration: Advanced > Admin (Admin Base URL, enable the custom admin path). A hidden path only removes you from automated scans; it is not a substitute for the IP restriction below.
Additionally, restrict the admin panel to your own IP address. The lines below use the Apache 2.2 access syntax (on Apache 2.4 the equivalent is "Require ip x.x.x.x" unless mod_access_compat is loaded). Keep in mind that the admin path is a route handled by index.php, not a directory on disk, so a directory-level .htaccess will not match it: apply these lines to the URL, either in a <Location> block of the vhost configuration or as a RewriteCond on REQUEST_URI in the root .htaccess:
order deny,allow
deny from all
allow from x.x.x.x
Secure /rss/catalog and /rss/order
These feeds authenticate with HTTP Basic auth against admin credentials, which gives an attacker a second, less protected place to try admin passwords. Block them by adding new rewrite conditions to your .htaccess. Add these lines to /magento_root/.htaccess (Magento's shipped file already contains RewriteEngine On):
## block access to admin rss feed
RewriteCond %{REQUEST_URI} ^.*/rss/catalog[OR,NC]
RewriteCond %{REQUEST_URI} ^.*/rss/order[NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/ [R=302,L]
This redirects every request under /rss/catalog and /rss/order straight to your homepage, including the public product feeds under /rss/catalog; if your shop offers those to customers, narrow the first condition to the admin feeds only. If you have no TLS certificate, change the last line to
RewriteRule ^(.*)$ http://%{HTTP_HOST}/ [R=302,L]
But you should serve the whole shop over HTTPS anyway; the admin login and the RSS Basic auth credentials travel in the clear otherwise.
Secure /downloader
This path is the Magento Connect Manager, which installs and removes extensions in your shop; anyone who can log in there can deploy arbitrary PHP. Unlike the admin path it is a real directory, so a directory-level .htaccess works. Add these lines to your /downloader/.htaccess file (Apache 2.2 syntax; on 2.4 use "Require ip x.x.x.x"):
order deny,allow
deny from all
If you want to use the downloader, temporarily comment these lines out, or whitelist your IP by adding this line (if you never use Magento Connect on production, removing the /downloader directory altogether is the simplest option):
allow from x.x.x.x
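The following is an added example, not configuration from the original post, that puts all three restrictions above (admin path, admin RSS feeds, downloader) into Apache 2.4 syntax. It assumes the admin's fixed address is 203.0.113.10 (a documentation range, replace it), that the custom admin path configured under Advanced > Admin is "backoffice" (replace it with yours), and that Magento's root .htaccess still contains RewriteEngine On. The admin and RSS rules use mod_rewrite because the admin path is routed through index.php and <Location> blocks are not permitted in .htaccess files; both answer 403 instead of redirecting, so the RSS endpoints never get to send a WWW-Authenticate challenge to an unknown client.

```apache
# Added example (not from the original post): Apache 2.4 version of the three
# restrictions. Assumed values, replace them for your installation:
#   203.0.113.10  - the admin's fixed IP address (documentation range)
#   backoffice    - the custom admin path set under Advanced > Admin
# Magento's shipped root .htaccess already contains "RewriteEngine On".

########## /.htaccess (Magento root) ##########

# 1. Admin panel. The admin path is a front-controller route handled by
#    index.php, not a directory on disk, so a directory-level Deny/Allow never
#    sees it. Match the request URI instead and answer 403 to every client
#    that is not the whitelisted address. The optional "index.php/" prefix
#    covers installations without URL rewriting.
RewriteCond %{REQUEST_URI} ^/(index\.php/)?backoffice(/|$) [NC]
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$
RewriteRule ^ - [F,L]

# 2. Admin RSS feeds under /rss/catalog/ and /rss/order/. They authenticate with
#    HTTP Basic auth against admin credentials, so a 403 is preferable to a
#    redirect: the client never receives a WWW-Authenticate prompt to attack.
#    Narrow the first condition if customers use the public catalog feeds.
RewriteCond %{REQUEST_URI} /rss/(catalog|order)(/|$) [NC]
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$
RewriteRule ^ - [F,L]

########## /downloader/.htaccess ##########

# 3. Magento Connect downloader: a real directory, so plain authorization
#    applies. Only the listed address may reach it; everyone else gets 403.
#    Comment the line out while installing from another address, or delete
#    the directory on production if Magento Connect is never used there.
Require ip 203.0.113.10
```

After deploying, verify from an address outside the whitelist that the custom admin path, /rss/order and /downloader/ all return 403, and from the whitelisted address that the admin login page still loads; a misplaced rule in the admin block locks you out of the panel, which is why the REMOTE_ADDR condition is negated rather than the URI one.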