Is is safe to create a .htaccess in a folder in my website (example.com/thisfolderismine) and ONLY allow MY IP address?
My goal is to MAKE SURE that no one else than me access this folder. This is also a login in this folder but I’d rather take a crazy-full access protection.
Is this safe? Is there a way to hack this?
Note: I don’t care about not being able to access it from somewhere else.
My website is getting hacked by Ukraine, Vietnam, Philippines, Algeria, China in the last 4 months and these nolife are driving me nuts.
Also, is there a simple way to only allow IP/computers from ONLY Canada & USA? I don’t have clients anywhere else anyway.
Thanks a bunch
Joel
Kind of going in reverse order of your question:
While there may be some general association of geographic location to IP address range, you should not count on it.
What if one of your clients in Canada want to access your site through a proxy in Europe? You should use a “real” authentication method to verify users, not IP address.
Using specific IPs is better, assuming those users have static IPs. This not a safe assumption for a dial-up or DSL-based user, though (for example).
If you yourself have a static IP, then yes, it should be fine to limit access to a folder based on that. Of course if you ever release that IP or switch ISP, etc. you will have to update your website’s configuration. One more thing to have to remember.
You could also consider using a VPN and only limiting your page’s access to the local network (see anubhava’s answer – note the 192.168.XX.XX address).
Personally, I use a combination of HTTPS + username + good password for stuff like this.