Category: Web Hosting Tutorials

How to password protect a webpage location

Mon 15 April 13 Comments are Closed

There are times for security reasons when you might want to limit access to a specific file or directory by using a login and password.  One reason to do this would be to protect your WordPress installation, by limiting access to the wp-login.php script.  Adding the following to your webpage root .htaccess file will require login access to the wp-login script:

<FilesMatch "wp-login.php">
 AuthType Basic
 AuthName "Secure Area"
 AuthUserFile "/home/example/.htpasswds/webpage/wp-admin/.htpasswd"
 require valid-user
 </FilesMatch>

Additionally you can protect all files within a specific directory by putting the .htaccess file in the directory (for example /wp-admin/ directory in the case of WordPress) you want to password protect with the following:

AuthType Basic
 AuthName "Secure Area"
 AuthUserFile "/home/example/.htpasswds/webpage/wp-admin/.htpasswd"
 require valid-user

You just put the above information into a “.htaccess” file and upload to your location of choice. To create the “.htpasswd” file with users and passwords, please use the following online utility: http://www.htaccesstools.com/htpasswd-generator/

 

Rate This Entry:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

How to limit webpage access by a specific IP address

Mon 15 April 13 Comments are Closed

There are times for security reasons when you might want to limit access to a specific file or directory by IP address.  One reason to do this would be to protect your WordPress installation, by limiting access to the wp-login.php script.  Adding the following to your webpage root .htaccess file and it will limit access to the wp-login script to a single IP address:

(ensuring you replace 100.100.100.101 with your own IP address)

<FilesMatch "^wp-login.php$">
	Order Deny,Allow
	Allow from 100.100.100.101
	Deny from all
</FilesMatch>

Or to protect the administrator login page for Joomla instead of WordPress add:

<FilesMatch "^administrator/index.php$">
	Order Deny,Allow
	Allow from 100.100.100.101
	Deny from all
</FilesMatch>

Additionally you can protect all files within a specific directory by putting the .htaccess file in the directory (for example /wp-admin/ directory in the case of WordPress) you want to protect with the following:

Order Deny,Allow
Deny from all
Allow from 100.100.100.100
  • Optional: You can enter partial IP Addresses, such as, 100.100.100. This allows access to a range of addresses.
  • Optional: You can add multiple addresses by separating them with comma’s.
100.100.100.101, 100.100.100.102

You can also accomplish the above by using rewrite rules inside the .htaccess file, for example:

Single IP address access

To allow access from a single IP address, replace 123\.123\.123\.123 with your own IP address:

RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
 RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
 RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
 RewriteRule ^(.*)$ - [R=403,L]

Multiple IP address access

To allow access from multiple IP addresses, replace 123\.123\.123\.xxx with your own IP addresses:

RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
 RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
 RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.121$
 RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.122$
 RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
 RewriteRule ^(.*)$ - [R=403,L]

If your IP address changes, or you have a very large amount of possible IPs you’re connecting from, you can protect your WordPress site by only allowing login requests coming directly from your domain name. Simply replace example\.com with your own domain name

RewriteCond %{REQUEST_METHOD} POST
 RewriteCond %{HTTP_REFERER} !^http://(.*)?example\.com[NC]
 RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
 RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
 RewriteRule ^(.*)$ - [F]

 

Rate This Entry:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

How do I optimize or repair a MySQL database

Wed 03 October 12 Comments are Closed

You can manage your databases by utilizing our web based online database tool at: https://database.imageway.com

Optimize Tables

  1. Select the database you want to optimize from the list in the left column, which should take you to the “structure” tab for the database.
  2. Select the tables you wish to optimize by checking the check box in front of each one, or clicking on Select All if you want to optimize all of them.
  3. On the drop down box that says “with selected…” select “Optimize Table.”  This will optimize the table and take you to a new screen.

Repair Tables

  1. Select the database you want to repair from the list in the left column, which should take you to the “structure” tab for the database.
  2. Select the tables you wish to repair by checking the check box in front of each one, or clicking on Select All if you want to repair all of them.
  3. On the drop down box that says “with selected…” select “Repair Table.”  This will repair the table and take you to a new screen.
Rate This Entry:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

 

Can I block or redirect an IP or an entire region or country from seeing my site?

Wed 03 October 12 Comments are Closed

Yes, you can block visitors per their IP address or redirect them based on their country. Countries will have a specific IP address range (or country code), and you can use that information to block or redirect all or some of their traffic.  There are more than one way to do this:

Redirecting a Country using GeoIP (mod_geoip)

The preferred and fastest method for checking against the country the visitor is coming from is to use GeoIP if your web server supports it. The Imageway web server does support the use of GeoIP. Here are some example scenarios that can be added to your .htaccess file:


# Redirect one country
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^CA$
RewriteRule ^(.*)$ http://www.canada.com$1 [L]


# Redirect multiple countries to a single page
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(CA|US|MX)$
RewriteRule ^(.*)$ http://www.northamerica.com$1 [L]


# Redirect multiple countries to a single page if they don’t match
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^(CA|US|MX)$
RewriteRule ^(.*)$ http://www.website.com/not-allowed [L]

Visit https://dev.maxmind.com/geoip/legacy/codes/iso3166/ for a listing of country codes.

Blocking a Country or Region using PHP

Searching the internet, we found a unique solution for blocking countries and regions via IP addresses with some PHP coding.

Visit http://timtrott.co.uk/block-website-access-country for more details about this method, including example code.

Blocking a Country or Region with htaccess Deny Rules (mod_rewrite)

Another way to do it is to block IP ranges in the .htaccess file for your site.

For a current list of IP addresses by country, please visit http://www.countryipblocks.net/

On the resulting page, click the “.htaccess deny” link for the desired country. This is the exact code you should paste in your .htaccess file. Usually the .htaccess can be put in your top level webpage/ folder so it can protect all your subdirectory paths.

This method is not the preferred method for countries with large IP ranges since if your .htaccess file is very large and takes too long for our web server to load, then it will be skipped. The preferred method would be to use the GeoIP example above since it keeps the .htaccess very small, and uses a internal memory database for lookup.

I have a specific IP I want to block.

To block multiple IP addresses, list them one per line by editing your .htaccess file, for example:

order allow,deny
deny from 127.0.0.1
deny from 127.0.0.2
deny from 127.0.0.3
allow from all

You can also block an entire IP block/range. Here we will not specify the last octet in the .htaccess file.

deny from 127.0.0

This will refuse access for any user with an address in the 127.0.0.0 to 127.0.0.255 range.

Instead of using numeric addresses, domain names (and subdomain names) can be used to ban users.

deny from isp_name.com

It bans users with a remote hostname ending in isp_name.com. This would stop all users connected to the internet via isp_name.com from viewing your site.

If you only want to allow certain IPs to connect to your website, you can set an option for deny from all, which will deny everyone.

This must be done by coding your .htaccess file as follows:

deny from all
allow from 70.24.291.52
allow from 216.130.49.223 #my house

Using .htaccess to block an entire range or name is likely to lock out innocent users. Use with caution.

Rate This Entry:
1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)
Loading...

Using robots.txt to restrict seach engines

Wed 03 October 12 Comments are Closed

What is the purpose of the robots file?

When a search engine crawls (visits) your website, the first thing it looks for is your robots.txt file. This file tells search engines what they should and should not index (save and make available as search results to the public). It also may indicate the location of your XML sitemap. The search engine then sends its “bot” or “robot” or “spider” to crawl your site as directed in the robots.txt file (or not send it, if you said they could not).

Google’s bot is called Googlebot, and Microsoft Bing’s bot is called Bingbot. Many other search engines, like Excite, Lycos, Alexa and Ask Jeeves also have their own bots. Most bots are from search engines, although sometimes other sites send out bots for various reasons. For example, some sites may ask you to put code on your website to verify you own that website, and then they send a bot to see if you put the code on your site.

Read Google’s official stance on the robots.txt file.

Where does robots.txt go?

The robots.txt file belongs in your document root folder. The document root folder name we use for our hosting is “webpage/”.

You can simply create a blank file and name it robots.txt. This will reduce site errors and allow all search engines to rank anything they want.

Blocking Robots and Search Engines from Crawling

If you want to stop bots from visiting you site and stop search engines from ranking you, use this code:

#Code to not allow any search engines!
User-agent: *
Disallow: /

You can also prevent robots from crawling parts of your site, while allowing them to crawl other sections. The following example would request search engines and robots not to crawl the cgi-bin folder, the tmp folder, and the junk folder and everything in those folders on your website.

# Blocks robots from specific folders / directories
User-agent: *
Disallow: /cgi-bin/
Disallow: /tmp/
Disallow: /junk/

In the above example, http://www.yoursitesdomain.com/junk/index.html would be one of the URLs blocked, but http://www.yoursitesdomain.com/index.html and http://www.yoursitesdomain.com/someotherfolder/ would be crawlable.

Keep in mind that robot.txt works like a “No Trespassing” sign. It tells robots whether you want them to crawl your site or not. It does not actually block access. Honorable and legitimate bots will honor your directive on whether they can visit or not. Rogue bots may simply ignore robots.txt.

View more robots.txt codes here.

Read about changing Google’s crawl rate.

Rate This Entry:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

How to change your MySQL database user password

Fri 23 July 10 Comments are Closed

The SQL statement you need to run on the MySQL database to change your personal database user password is:

SET PASSWORD = PASSWORD(‘biscuit’);

That will set the password for the current user your logged in as to “biscuit”. You can issue this SQL command by using a 3rd party MySQL client, or using our MySQL editor which is available at “https://www.imageway.com/support“.

Rate This Entry:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

back to top