OK, I agree with you on some subjects, but some questions were raised about you; also, you helped me to make my admin area 1000% more secure. I use the two-account login system now: log in as a regular user to a regular user account that has a unique admin parameter. After logging in to that account I can see the admin login at /admin (no more 404 error page), so now I can enter the admin login and access the admin area (so two accounts need to be active to browse admin).
Anyway, I removed the IP access; it's deprecated in future anyway. I don't get it: if I want to add extra IP security anywhere, you say it is pointless and doesn't do any good for security?
Nothing is 100% secure, but you can add EXTRA (additional) security, for example through IP or any other means, from hiding through extra passwords etc., so why not?
If a hacker gets through the IP system, the next step is the login system, so at least he needs to crack the IP system before he can start cracking the login system. It's called EXTRA security: don't make a hacker's life easier, but harder, using any means possible. If I talk about IPs, I talk about an additional security option.
You are only one login away from accessing your admin commands, and people use the same login page as admins? I have also seen these sites…
If your users somehow crack your script like:
Some little script hole, like if your admin account is using the same MySQL table as a regular user, in an old script. It would be a security risk, because all accounts can update the table.
And this is one of the security issues why I use separate admin controls and a DB table, or both. Programmed online shopping carts and other widely used scripts are actually not as secure as they could make them, because they need to make everything as simple as possible for the clients.
IP isn't a safe thing, nothing like that; it never has been a safe solution. It's more like a forced solution against SPAM. No other option is possible; sessions and cookies are more pointless than IPs when it comes to preventing SPAM and user abuse.
If you have any means that are better than IP monitoring (not talking about account security in this case), please let me know.