How to secure Admin Panel in PHP?

Question

I have a website which has two panels....

1- For Normal user accessible through domain.com
2- For Admins and Moderators accessible through admin.domain.com

When I (or anyone) access admin panel using admin.domain.com . He will be asked to enter username and password... BUT

How can I make this only visible to me (any way of telling server.. hey I am admin show me that page) One approach came in my mind is to use the route filter for static ips, like hey

Laravel my name is 192.116.45.15 ... show me that page.

Another approach is to separate my whole admin from server and use it directly from my localhost.

Please tell some more approaches (by the way I use Laravel)

Answer 1

Rather than, doing any server configurations, why don't you use a security field. Say, along with Username and Password, can you please add a field PIN to the form. Anyways, this field is again known to you only. Also, you can use strong passwords to protect your admin panel.

Answer 2

If your approach is want the server differentiate before they login. You can set the admin page only able to accessible by admin user with (IP address).

If they had login from main page. You can get the user role session.

Role Level
1    Admin
2    Moderator
3    Member

Answer 3

If you don't want users to see the admin login page at all you could require special GET parameter that pretty much is a password. eg admin.domain.com/ would simply output nothing but admin.domain.com/?5q38cZxyaA would output the login page. As long as you dont publish the link anywhere this is as save as sending a password via post(so its as save as the following real login).

Answer 4

如果您可以通过ssh访问服务器，则可以在其他端口（例如端口3000）上运行管理面板，然后在防火墙中阻止该端口（您自己的IP除外）。