Menu

Topic-icon Allowing developer into back end of site who doesn't have a fixed IP address

  • tracey@feetfirst-reflexology.co.uk
  • tracey@feetfirst-reflexology.co.uk's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
6 months 1 week ago #7562 by tracey@feetfirst-reflexology.co.uk
Allowing developer into back end of site who doesn't have a fixed IP address was created by tracey@feetfirst-reflexology.co.uk
Hi Jose, hope you are well, thankfully it has been a while since I've needed to ask anything on the forum :). Hopefully a simple question for you!

I have a developer doing some planned work on one of my Joomla plugins on Monday and so need to be able to give them superuser access. I have turned the Geoblock off for their country and turned off the single superuser account to be able to create a second superuser account. I've kept my backend admin secret key which obviously I will share with the developer.

My question is what is the simplest way to turn off the IP address restriction on the administrator page so that the developer can access it and login successfully? In the past, they have done a couple of simple jobs and we have coordinated the time difference, they tell me their IP address and I add it to the public_html/administrator/ .htaccess file which says:

#allow from
#deny from all

This bit of development is likely to take more than one day and as they don't have a fixed IP address would involve daily adjustments and would take longer because we don't keep the same working hours. If I delete the #deny from all would that do the trick?

I'm keen to keep my security as tight as I can, while allowing the developer the access they need. Plus solutions need to be simple otherwise I tend to confuse myself (easily done!). I'd be grateful for your suggestions.

Tracey

Please Log in or Create an account to join the conversation.

More
6 months 1 week ago #7563 by Jose
Hi Tracey!

Hi Jose, hope you are well, thankfully it has been a while since I've needed to ask anything on the forum :). Hopefully a simple question for you!

I'm fine thanks! I hope you are fine too!

My question is what is the simplest way to turn off the IP address restriction on the administrator page so that the developer can access it and login successfully? In the past, they have done a couple of simple jobs and we have coordinated the time difference, they tell me their IP address and I add it to the public_html/administrator/ .htaccess file which says:

#allow from
#deny from all

This bit of development is likely to take more than one day and as they don't have a fixed IP address would involve daily adjustments and would take longer because we don't keep the same working hours. If I delete the #deny from all would that do the trick?

I'm keen to keep my security as tight as I can, while allowing the developer the access they need. Plus solutions need to be simple otherwise I tend to confuse myself (easily done!). I'd be grateful for your suggestions.

IMO having the backend protection enabled is enough to keep a good level of security. But if you want more protection you can reuse the .htaccess allowing an IP range; to do that just remove the
#allow from
and set
Allow from 10.0.0.0/24
replacing the IP address with your developer's IP.

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • tracey@feetfirst-reflexology.co.uk
  • tracey@feetfirst-reflexology.co.uk's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
6 months 1 week ago #7564 by tracey@feetfirst-reflexology.co.uk
Replied by tracey@feetfirst-reflexology.co.uk on topic Allowing developer into back end of site who doesn't have a fixed IP address
IMO having the backend protection enabled is enough to keep a good level of security.

Does that mean I don't really need the extra .htaccess file under administrator? The whole IP address thing can be a bit of a pain when I'm working away from home myself.

Tracey

Please Log in or Create an account to join the conversation.

More
6 months 1 week ago #7565 by Jose
Yes, you don't need the allow/deny directive into the .htacess

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • tracey@feetfirst-reflexology.co.uk
  • tracey@feetfirst-reflexology.co.uk's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
6 months 1 week ago #7566 by tracey@feetfirst-reflexology.co.uk
Replied by tracey@feetfirst-reflexology.co.uk on topic Allowing developer into back end of site who doesn't have a fixed IP address
Cool, that would be the easiest thing to do by the sounds of it - I can always add it back in afterwards if I want to :)
Thank you!
Tracey

Please Log in or Create an account to join the conversation.

More
6 months 1 week ago #7567 by Jose
You're welcome Tracey! :)

Regards,
Jose

Please Log in or Create an account to join the conversation.

Time to create page: 0.081 seconds
Powered by Kunena Forum

Login or Sign In