[Solved]Admin login from site

[jasnick]

Using 1.10.3

A client wants to be able to login to the admin area from a link on the site. I can put a link to the login page but how secure is it? It reveals the name of the admin directory.

Thanks

[staartmees]

make the username an the password as secure as possible. So don't use admin but e.g. JoHnDOe

use a random generated password - http://freepasswordgenerator.com/ - with at least 16 characters, e.g. ECMV3pTvDFkPnhHC or k9DA/d<p:HS/u@kb

The longer your password is, the harder it is to guess.
http://www.symantec.com/connect/article ... -practices

[jasnick]

use a random generated password - http://freepasswordgenerator.com/ - with at least 16 characters, e.g. ECMV3pTvDFkPnhHC or k9DA/d<p:HS/u@kb

Yes, that's what I usually use for these things but the client doesn't like that idea - he wants something he can remember

I am meeting with him tomorrow and will suggest he goes along with the idea of a strong password and unusual username or he is in danger of getting his site hacked.

Thanks for the reply.

[staartmees]

password you can remember ain't safe

[jasnick]

Exactly!

[chrisbt]

At least hide the link in javascript so that it is a bit harder for site scrapers to get hold of it.

[jasnick]

Thanks chrisbt - how do I do that?

[Dr.CSS]

I've had a log in on my home page for a long time and if you put the wrong name/password it goes to the normal admin/login page and I've never been hacked from there...

It used to be in the lower left of the sidebar, I've made it a fancybox pop up, the link is now just an image...

[jasnick]

What a clever idea, Dr.CSS ! I'll try an image!

Thanks