+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / Securing the Backend Login

Securing the Backend Login

3 posts, 1 answered
  1. David
    David avatar
    4 posts
    Registered:
    21 Mar 2016
    21 Jun
    Link to this post

    I'm brand new to Sitefinity and starting with 9.1. In my research I found this blog post from 2010 giving examples on how to protect/obscure your backend login form.

    For now I want to start with the obscuring approach but the instructions don't seem to apply to 9.1 anymore. Is there a way for me to still use a similar approach?

    Answered
  2. Jochem Bökkers
    Jochem Bökkers avatar
    787 posts
    Registered:
    13 Aug 2007
    22 Jun
    Link to this post

    Hi David,

    Yeah the blog post refers to the old versions, however you can still do most of it:

    Too many invalid password attempts:
    These options can now be set through the backend interface via administration >> settings >> advanced >>  security >> membership providers >> default >> parameters.

    Adding a captcha to the login form:
    There's a full fledged tutorial in the documentation that'll guide you through all the steps, you can find it here.

    Limit access to the backend UI:
    First of all, if you're not requiring backend access on the production servers (if you're using sitesync for example) there's an option in the backend to fully disable the backend ui. You can find it by going to Administration >> Settings >> Advanced >> System and toggle the "DisableBackendUI" option.  This will disable the full ui, and stores this selection in the systemconfig.config file where you can remove it if you need occasional access.

    If you require constant access, there's a knowledge base article that describes how to set the backend up to allow only access for white-listed IP's. 


    Hope this helps,
    Jochem

  3. David
    David avatar
    4 posts
    Registered:
    21 Mar 2016
    22 Jun in reply to Jochem Bökkers
    Link to this post

    Thank you Jochem! That article will be very useful.

3 posts, 1 answered