Hi, i want to restrict admin access to the admin area of my website. I was thinking of whitelisting all the IP addresses that are allowed to access the admin area. Is there a service that you can pay for that will allow you to connect through some sort of virtual tunnel, so that you can be guaranteed to have the same IP address regardless of your location, as you will be using the tunnel IP address... not sure if this makes sense... OR maybe you have a better way, thanks in advance...
Not sure of a service, but this(IP whitelist) is pretty easy to accomplish using .htaccess. Additionally, I'd remove the "admin" user and create another user with administrative rights. I think that should take care of most concerns and of course you might want to monitor your logs to look for anything unusual. However, it's my understanding that most attacks are done by automation, so unless you feel like you might have some concentrated human effort to attack your site, the above should fit the bill. Additionally, depending on the type of service you run you may want to block entire countries which you don't do business with. This won't take care of proxies, but could keep away some kids playing games.
The best way to restrict admin is to use IP address blocking. But if you are looking for some other solutions you should go for the Virtual private network which can be set to access at particular location only
Restricting IP access with htaccess is probably your best solution, then you can get a dedicated private proxy which should always give you the same ip. If you know your own ip and if it does not change you could simply use that ip, I have a homeserver on my own ip since my ip only changes when I restart my modem and I keep it on at all times. However this may not be the best way to secure your site since it can be annoying if you can't get to that whitelisted ip. You might consider implementing an email verification system for computers which are not known for example, I believe facebook can be configured to do this. The site will remember which computers are whitelisted and if a non-whitelisted computer is used a verification email is sent to the users email for them to verify before logging in, thus if someone else tries to access your admin area they would need to have access to your specified email as well.
i think best solution is htaccess, you should generate a file htpasswd for login to admin area(need user and pass to login). best for you !
VPN is really a one of the best way to restrict Admin access for ur website......I have tried for my website too,and it works.