WEBVTT 1 00:00:08.246 --> 00:00:10.146 There are several methods in AdminTools 2 00:00:10.619 --> 00:00:12.932 to restrict access to the administrator 3 00:00:13.057 --> 00:00:15.057 interface of your website. 4 00:00:15.487 --> 00:00:16.760 The first we have already seen in the 5 00:00:16.783 --> 00:00:19.151 Web Application Firewall video. 6 00:00:20.457 --> 00:00:22.696 If we look at the Configure WAF here 7 00:00:23.203 --> 00:00:24.655 we can see that I can restrict 8 00:00:24.656 --> 00:00:26.656 administrator access only 9 00:00:26.702 --> 00:00:28.907 to IP addresses in a whitelist 10 00:00:29.166 --> 00:00:31.166 or disallow access to IPs 11 00:00:31.215 --> 00:00:33.215 that are in a blacklist. 12 00:00:34.098 --> 00:00:36.098 As most people want to be able to access 13 00:00:36.166 --> 00:00:38.166 their website administrator 14 00:00:38.166 --> 00:00:40.166 wherever they are perhaps 15 00:00:40.189 --> 00:00:42.189 when they are roaming from an internet cafe 16 00:00:42.132 --> 00:00:43.651 or their mobile phone 17 00:00:43.802 --> 00:00:46.146 I don't recommend that you set the whitelist up. 18 00:00:47.626 --> 00:00:49.626 You can also lockdown your administrator 19 00:00:49.695 --> 00:00:51.695 interface at certain hours of the day 20 00:00:51.650 --> 00:00:53.650 by setting an away schedule. 21 00:00:54.249 --> 00:00:56.249 For example I can prevent 22 00:00:56.306 --> 00:00:59.211 access from 18:00 to 08:00 23 00:01:00.018 --> 00:01:02.018 However, again 24 00:01:02.154 --> 00:01:04.154 in case of mergency this might not be 25 00:01:04.165 --> 00:01:06.165 the best option. 26 00:01:07.098 --> 00:01:09.098 Another option is to change the 27 00:01:09.141 --> 00:01:11.141 admin url. 28 00:01:11.141 --> 00:01:14.268 You can create a new admin url 29 00:01:14.335 --> 00:01:16.335 if you enter a word or phrase here 30 00:01:16.335 --> 00:01:17.676 without any spaces. 31 00:01:18.821 --> 00:01:20.821 If we now ave changes 32 00:01:21.470 --> 00:01:24.128 when someone tries to access the administrator 33 00:01:24.360 --> 00:01:26.360 withn the original url 34 00:01:26.390 --> 00:01:28.390 they will see that it is disabled. 35 00:01:30.146 --> 00:01:32.146 The only way you will be able to login 36 00:01:32.191 --> 00:01:34.191 to the administrator is by going 37 00:01:34.252 --> 00:01:36.252 to the new url. 38 00:01:38.780 --> 00:01:40.780 Whilst this will prevent most types of 39 00:01:40.717 --> 00:01:42.382 brute force attacks 40 00:01:42.516 --> 00:01:44.516 a far better option is to use 41 00:01:44.523 --> 00:01:46.156 the password protect WordPress 42 00:01:46.156 --> 00:01:47.644 administration feature 43 00:01:47.644 --> 00:01:50.075 that we saw in the installation video. 44 00:01:50.845 --> 00:01:52.526 With this method you can prevent 45 00:01:52.586 --> 00:01:54.586 access with an additional 46 00:01:54.586 --> 00:01:56.586 username and password. 47 00:01:56.999 --> 00:01:59.814 Enter the username and password that you want to use. 48 00:02:00.409 --> 00:02:02.409 his should not be the same as your 49 00:02:02.452 --> 00:02:04.452 password for anything else, 50 00:02:04.438 --> 00:02:07.431 including your WordPress administrator login. 51 00:02:07.988 --> 00:02:09.988 And click on Password protect. 52 00:02:11.671 --> 00:02:13.671 A pop up box will immediately be 53 00:02:13.656 --> 00:02:16.048 displayed requesting authentication 54 00:02:16.500 --> 00:02:18.500 and before you can proceed 55 00:02:18.500 --> 00:02:20.500 you must now enter the details 56 00:02:20.500 --> 00:02:22.500 that you just entered. 57 00:02:22.930 --> 00:02:24.930 If someone now goes to your website 58 00:02:25.006 --> 00:02:27.006 and attempts to log in to the administrator 59 00:02:27.049 --> 00:02:29.484 URL they will get a popup 60 00:02:29.626 --> 00:02:31.626 box asking for that additional 61 00:02:31.611 --> 00:02:33.611 username and password. 62 00:02:35.249 --> 00:02:37.249 The final protection that AdminTools 63 00:02:37.350 --> 00:02:40.206 provides is called Emergency Off-line. 64 00:02:41.137 --> 00:02:43.384 If for any reason you need to make sure 65 00:02:43.606 --> 00:02:45.606 that your web site is completely 66 00:02:45.673 --> 00:02:47.878 offline and can't be used for 67 00:02:48.032 --> 00:02:50.032 anything we can select this option 68 00:02:50.162 --> 00:02:52.162 and it will add these rules to your 69 00:02:52.187 --> 00:02:55.518 .htaccess file in the site root. 70 00:02:56.425 --> 00:02:58.425 What this will do is ensure that 71 00:02:58.425 --> 00:03:00.425 any requests to your website 72 00:03:00.425 --> 00:03:04.123 are redirected to a file called offline.html. 73 00:03:05.456 --> 00:03:07.456 If I activate this by clicking on 74 00:03:07.456 --> 00:03:09.456 the Set Offline button 75 00:03:09.456 --> 00:03:11.456 the site is now in Emergency 76 00:03:11.456 --> 00:03:12.862 Off-line mode and anyone 77 00:03:12.962 --> 00:03:14.962 coming to the site will be 78 00:03:15.085 --> 00:03:17.085 redirected to that offline page. 79 00:03:17.357 --> 00:03:19.036 You can if you wish replace this file 80 00:03:19.011 --> 00:03:20.212 with your own design. 81 00:03:21.532 --> 00:03:23.532 As long as your own internet connection 82 00:03:23.631 --> 00:03:25.631 and your IP address do not change 83 00:03:25.976 --> 00:03:27.976 you will still be able to access 84 00:03:28.051 --> 00:03:30.695 the site even when it's in offline mode. 85 00:03:31.964 --> 00:03:33.964 When you're ready to turn the site back online 86 00:03:34.063 --> 00:03:37.018 simply select Emergency Off-line 87 00:03:37.117 --> 00:03:39.438 and click the green Set Online. 88 00:03:39.741 --> 00:03:41.741 Anyone visiting your site now 89 00:03:41.963 --> 00:03:43.963 will see the site as you intended 90 00:03:43.905 --> 00:03:45.905 them to see it.