Results 1 to 3 of 3

Thread: Control Panel only accessible by single IP

  1. Control Panel only accessible by single IP

    My blog was compromised 3 days ago. The guy probably deleted or maybe took my database and then installed a new one which is completely empty. I have no idea how they got inside. So maybe if there is a way I can limit which IP can access my cpanel.

    I know I can make a single IP access a dashboard through htaccess, but this time I'm gonna try cpanel, is this possible?

  2. #2
    Sorry to here that garfish. Take a look at this tutorial -

  3. #3
    I don't think that tutorial will help you to block users from hacking the control panel. It is used to prevent certain user IPs from accessing your site. You probably cannot block access to the control panel unless you have root access to your server. Have you asked your hosting company for a solution? The directories that you need to block are dependent upon your server configuration and very likely require root access in order to block them.

    Here is a method commonly used to prevent hackers from accessing the WordPress admin area. Scroll down to the section that is titled, "Apache .htaccess when you have a static IP." If you have access to the control panel directory, you can use that method to block access to all IPs except your own.

    Here is the code to use with the .htaccess file. You will need to place it in the control panel and probably also in the phpMyAdmin directory. Substitute your IP for the xx.xx.xx.xx. This only works if your ISP assigns you a static IP that never changes. Be careful with this. You will lock yourself out if your IP changes. Check with tech support at your hosting company to see if this will work with your sever configuration.

    Order Deny,Allow
    Deny from all
    Allow from xx.xx.xx.xx

    If the database is empty, they probably hacked phpMyAdmin. I see hundreds of hack attempts against my sites every month where bots are trying to determine the location of phpMyAdmin. Check your error 404 report and you will see lots of attempts to find that location.

    It sounds like you need to use a more complex password. If they broke in, it was probably because they hacked the password.

    I hope you had a database backup.
    "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote." -- Benjamin Franklin

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts