How to restrict access to OpenCart admin panel only to specified IPs
Last week one of my OpenCart online stores got quite an unusual amount of traffic. Unfortunately this was not the traffic I wanted to have - some bot was trying to log in to my store's admin panel using brute force.
I stopped all of that traffic in just a few minutes. Here's an example of how you can do the same thing without any third-party extensions or other external tools.
How to prevent access to OpenCart admin panel from unknown IP addresses
This solution might not be ideal for stores with multiple admin login accounts, or for administrators who work on the store from different IP addresses all the time. But for those who always use the same computers or mobile devices to access the OpenCart admin panel, it should be an easy way to prevent unwanted traffic to the admin/ section of the store.
What you need to do is open the .htaccess file in your store's public (or public_html) folder using FileZilla or other FTP software, and after the line RewriteEngine On add this code:
RewriteCond %{REQUEST_URI} ^/admin
RewriteCond %{REMOTE_ADDR} !=100.101.102.103
RewriteRule ^(.*)$ - [R=403,L]
Don't forget to replace 100.101.102.103 with your IP address.
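The logic behind the code is simple - if someone tries to open /admin in your store, and their IP is not 100.101.102.103, show them that access to this page or directory is forbidden.
If you want to allow multiple IP addresses, you just need to add more RewriteCond lines. All RewriteCond lines must match for the rule to fire, so the request is forbidden only when the visitor's IP is none of the listed addresses: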
RewriteCond %{REQUEST_URI} ^/admin
RewriteCond %{REMOTE_ADDR} !=100.101.102.103
RewriteCond %{REMOTE_ADDR} !=200.201.202.203
RewriteCond %{REMOTE_ADDR} !=220.221.222.223
RewriteRule ^(.*)$ - [R=403,L]
This way you'll be able to access OpenCart admin section from, for example, your home IP address, your smartphone, and your office IP address.
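To check a rule set like the one above before uploading it, here is an added example (not code from the original post) that evaluates the RewriteCond lines against sample requests. It is a simplified model of mod_rewrite that covers only the condition forms used in this article; the function names and the sample requests are constructed for illustration.

```python
import re

# The multi-address rule set from the article (addresses are the article's placeholders).
HTACCESS = r"""
RewriteCond %{REQUEST_URI} ^/admin
RewriteCond %{REMOTE_ADDR} !=100.101.102.103
RewriteCond %{REMOTE_ADDR} !=200.201.202.203
RewriteCond %{REMOTE_ADDR} !=220.221.222.223
RewriteRule ^(.*)$ - [R=403,L]
"""

def parse_conditions(text):
    """Return (variable, pattern) pairs for every RewriteCond line."""
    conds = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "RewriteCond":
            m = re.fullmatch(r"%\{(\w+)\}", parts[1])
            if not m:
                raise ValueError(f"unsupported test string: {parts[1]}")
            conds.append((m.group(1), parts[2]))
    return conds

def cond_matches(value, pattern):
    """'=x' and '!=x' are exact string compares; anything else is a
    regex searched in the value. A leading '!' negates the result."""
    negate = pattern.startswith("!")
    if negate:
        pattern = pattern[1:]
    if pattern.startswith("="):
        hit = value == pattern[1:]
    else:
        hit = re.search(pattern, value) is not None
    return hit != negate

def is_forbidden(uri, remote_addr, text=HTACCESS):
    """True when every condition holds (conditions are ANDed by default),
    which means the RewriteRule fires and the request gets a 403."""
    env = {"REQUEST_URI": uri, "REMOTE_ADDR": remote_addr}
    return all(cond_matches(env[var], pat) for var, pat in parse_conditions(text))

if __name__ == "__main__":
    samples = [  # constructed requests: (path, client address)
        ("/admin/index.php", "100.101.102.103"),
        ("/admin/index.php", "198.51.100.7"),
        ("/index.php", "198.51.100.7"),
        ("/administrator", "198.51.100.7"),
    ]
    for uri, ip in samples:
        print(f"{ip:>16} {uri:<20} -> {'403' if is_forbidden(uri, ip) else 'allowed'}")
```

The last sample shows that ^/admin is a prefix match, so any path beginning with /admin is covered, not only the admin/ folder. REMOTE_ADDR is the address of whatever connected to Apache, so behind a CDN or reverse proxy it is the proxy's address rather than the visitor's.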
How to find out what your IP address is
If you have no idea what your IP address is, the easiest way to find out is to type "what is my ip address" into Google, or visit https://whatismyipaddress.com/ .
You can check your phone's IP address the same way. Just don't forget to disconnect from WiFi while doing it - otherwise you'll see the WiFi network's IP address instead of your phone's.