ANS Documentation

Improve This Doc
  • Cloud
  • Domains and DNS management
  • Backup and High Availability
  • eCommerce Stacks
  • Security
    • DDoSX®
    • Web Application Firewall
    • Threat Monitoring and Threat Response
      • General Information and FAQs
      • How does it work?
      • System Requirements
      • Getting Started
      • Installing on a UKFast hosted server
      • Installing on a non-UKFast hosted server
      • PCI DSS Compliance
      • Alerts and rulesets
      • Attack Ruleset
      • High Level Alerts Explained
      • Alert Remediation Tips
      • Common Attacks
      • Databases
      • Exploits
      • File Monitoring (FIM)
      • Malware
      • Service Specific Alerts
      • System
      • Windows
      • Scans and Reconnaissance
    • McAfee Antivirus
    • Vulnerability Scans
    • Keeping Magento secure
    • Keeping WordPress secure
    • Brute Force Attacks
    • CryptoLocker
    • Dirty COW
    • The Logjam attack
    • Meltdown and Spectre
    • Memcached security concerns and reflection/amplification DDoS attacks
    • Wana Decryptor / Wana Decrypt0r 2.0 / WannaCry
    • Log4J Vulnerability
    • Polkit Security Vulnerability CVE-2021-4034
    • CVE-2022-0847 - Dirty Pipe Vulnerability
  • Email
  • Monitoring and usage management
  • Networking
  • Operating systems
  • Webcelerator
  • MyUKFast
  • Home >
  • Security >
  • Threat Monitoring and Threat Response >
  • Alert Remediation Tips >
  • Page authentication and restrictions with htaccess

Page authentication and restrictions with htaccess¶

Administration panels and gateways are a prime target for attackers, brute force attacks and XSS attacks are common to try and gain access to your website with administrative privileges. Websites powered by a CMS, like WordPress or Magento are especially vulnerable to this. Login and administration panels can be easily found with these CMS systems, so enabling an extra step of authentication is pivotal to ensure security.

Luckily, we can employ access control rules through the use of an htaccess file. This file will communicate with the web server whenever a user tries to access a restricted path, ‘/wp-admin’ for example. This communication with the web servers allows authentication checks to be employed, these could include asking the user for a username and password, requiring certain IP addresses or even blocking certain user agents and browsers.

From a Threat Monitoring standpoint, we find that servers that employ this type of security on administration panels see a 90% reduction in the number of brute force attacks sitewide.

For more information on setting this up, feel free to follow our guide on setting up htaccess rules.

Next Article > IP Based Allow listing

  • Useful Links
  • SMB
  • Enterprise
  • Channel
  • Public Sector
  • ANS Data Centres
  • About ANS
  • Careers
  • Blog
  • Get in touch
  •  
  • Sales 0800 458 4545
  • Support 0800 230 0032
  • Get in touch

© ANS Group Limited | Terms and Conditions | Corporate Guidance | Sitemap
ANS Group Limited, registered in England and Wales, company registration number 03176761, registered office 1 Archway, Birley Fields, Manchester M15 5QJ