How to prevent access of admin pages by knowing the admin page url?

Question

If someone knows my url of the admin page such as www.example.com/admin.php, then they will easily access the page by directly accesing that url. How to restrict this. Pleas

Answer 1

I will try to put a few of these answers together for you, depending on how your website is setup.

If it is a simpler website and you don't do any user handling or admin authentication, your main option is to do as igorp said and restrict based on the .htaccess file. You will get a popup asking for a predefined username and password, and only then will you have access to that particular page.

Again, this is good for a simpler website.

If it is more complex and you allow user logins to your site, you can setup access rights to various pages, based on the users access level.

For instance, in your administrative page(s), you would check the user's access level to see if he/she should be allowed to access the page. If he doesn't, redirect to an access denied type page. Otherwise, let them in.

With both of these methods, a user can browse directly to your administration pages and be required to go through some sort of validation. Either way, your admin pages will be protected.