How to secure Admin Panel in PHP?
I have a website which has two panels....
1- For Normal user accessible through domain.com 2- For Admins and Moderators accessible through admin.domain.com
When I (or anyone) access admin panel using admin.domain.com. He will be asked to enter username and password...BUT
How can I make this only visible to me (any way of telling server.. hey I am admin show me that page) One approach came in my mind is to use the route filter for static ips, like hey
Laravel my name is 22.214.171.124... show me that page.
Another approach is to separate my whole admin from server and use it directly from my localhost.
Please tell some more approaches (by the way I use Laravel)
Rather than, doing any server configurations, why don't you use a security field. Say, along with Username and Password, can you please add a field PIN to the form. Anyways, this field is again known to you only. Also, you can use strong passwords to protect your admin panel.
If your approach is want the server differentiate before they login. You can set the admin page only able to accessible by admin user with (IP address).
If they had login from main page. You can get the user role session.
Role Level 1 Admin 2 Moderator 3 Member
If you don't want users to see the admin login page at all you could require special GET parameter that pretty much is a password. e.g. admin.domain.com/ would simply output nothing but admin.domain.com/?5q38cZxyaA would output the login page. As long as you dont publish the link anywhere this is as save as sending a password via post(so its as save as the following real login).
If you have ssh access to the server, you can run the administration panel on some different port say port 3000 and then block that port in firewall with a exception of your own ip.