basilicom-pimcore-plugin/protected-admin

A Pimcore plugin that requires a basic auth challenge prior to granting access to the admin backend.

dev-master 2016-08-10 07:45 UTC

This package is auto-updated.

Last update: 2024-12-09 22:43:08 UTC


README

Developer info: Pimcore at basilicom

Synopsis

This Pimcore http://www.pimcore.org plugin requires http basic authentication prior to granting admin access. Username and password can be set via Website Settings.

Code Example / Method of Operation

After installing the plugin there are new website settings available (under Settings > Website): protectedAdminUser, protectedAdminPassword. Set them accordingly.

Motivation

Even though Pimcore comes with great security it still makes sense to prevent access to admin through the main domain, especially to any bots, script kiddies, etc.

Installation

Add "basilicom-pimcore/protected-admin" as a requirement to the composer.json in the toplevel directory of your Pimcore installation. Then enable and install the plugin in Pimcore Extension Manager (under Extras > Extensions)

Example:

{
    "require": {
        "basilicom-pimcore-plugin/protected-admin": ">=1.0.0"
    }
}

Troubleshooting

In case you lose access to the admin area due to misconfiguration you have two options:

  • disable plugin by editing /website/var/config/extensions.xml (change the value to 0 or delete the whole line)
  • remove the Website Settings by deleting the corresponding keys (protectedAdmin*)

Contributors

License

  • GNU General Public License version 3 (GPLv3)