Securing the Backend Login

Posted by Community Admin on 03-Aug-2018 19:15

All Replies

Posted by Community Admin on 21-Jun-2016 00:00

I'm brand new to Sitefinity and starting with 9.1. In my research I found this blog post from 2010 giving examples on how to protect/obscure your backend login form.

For now I want to start with the obscuring approach, but the instructions don't seem to apply to 9.1 anymore. Is there a way for me to still use a similar approach?

Posted by Community Admin on 22-Jun-2016 00:00

Hi David,

Yeah, the blog post refers to the old versions; however, you can still do most of it:

Too many invalid password attempts:
These options can now be set through the backend interface via Administration >> Settings >> Advanced >> Security >> Membership providers >> Default >> Parameters.

Adding a captcha to the login form:
There's a full-fledged tutorial in the documentation that'll guide you through all the steps; you can find it here.

Limit access to the backend UI:
First of all, if you're not requiring backend access on the production servers (if you're using SiteSync, for example), there's an option in the backend to fully disable the backend UI. You can find it by going to Administration >> Settings >> Advanced >> System and toggling the "DisableBackendUI" option. This will disable the full UI and store this selection in the systemconfig.config file, where you can remove it if you need occasional access.

If you require constant access, there's a knowledge base article that describes how to set the backend up to allow access only for white-listed IPs.


Hope this helps,
Jochem

Posted by Community Admin on 22-Jun-2016 00:00

Thank you Jochem! That article will be very useful.

This thread is closed