Securing the Backend Login
I'm brand new to Sitefinity and starting with 9.1. In my research I found this blog post from 2010 giving examples on how to protect/obscure your backend login form.
For now I want to start with the obscuring approach but the instructions don't seem to apply to 9.1 anymore. Is there a way for me to still use a similar approach?
Hi David,
Yeah, the blog post refers to the old versions; however, you can still do most of it:
Too many invalid password attempts:
These options can now be set through the backend interface via Administration >> Settings >> Advanced >> Security >> Membership Providers >> Default >> Parameters.
Adding a captcha to the login form:
There's a full-fledged tutorial in the documentation that'll guide you through all the steps; you can find it here.
Limit access to the backend UI:
First of all, if you're not requiring backend access on the production servers (if you're using SiteSync, for example), there's an option in the backend to fully disable the backend UI. You can find it by going to Administration >> Settings >> Advanced >> System and toggling the "DisableBackendUI" option. This will disable the full UI and store this selection in the systemconfig.config file, where you can remove it if you need occasional access.
If you require constant access, there's a knowledge base article that describes how to set the backend up to allow access only for white-listed IPs.
Hope this helps,
Jochem
Thank you Jochem! That article will be very useful.