I've been thinking about ways to improve the security of Waterhole, and it would be nice if people could share their own tips / comment on mine.
Is it worth restricting access to the administration page with .htpasswd? Any potential issues or problems?
<Files "cp">
AuthType Basic
AuthName "Restricted Area"
AuthUserFile path/to/your/.htpasswd
Require valid-user
</Files>
Another option would be just to limit access to /cp from specific IPs through .htaccess, but I haven't tested it.
1 Comment
Waterhole already requires the user to confirm their password when accessing the CP, so if you have a secure password it should already be pretty hardened. Multi-factor authentication is on the roadmap.
Probably not worth doing HTTP Basic Auth IMO, because it's not very secure. Restricting access per IP address could be a good extra measure.
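The per-IP restriction discussed in this thread, written out as an added example (not from either poster and not from the Waterhole project). It uses Apache 2.4 syntax and assumes the block goes in the virtual host configuration, because `<Location>` is not permitted in `.htaccess`; the `/cp` path is taken from the post, and all addresses are documentation-range placeholders.

```apache
# Virtual host context (e.g. inside <VirtualHost *:443>), not .htaccess.

# Assumption: the site may sit behind one trusted reverse proxy at 192.0.2.5.
# Without this, Apache sees the proxy's address for every request and the
# allow-list below would either admit everyone or no one.
# Only the proxy listed here is trusted to supply X-Forwarded-For.
<IfModule remoteip_module>
    RemoteIPHeader X-Forwarded-For
    RemoteIPInternalProxy 192.0.2.5
</IfModule>

# <Location> matches the requested URL path, so it applies even though the
# application routes /cp through a front controller rather than a file named "cp".
<LocationMatch "^/cp(/|$)">
    # Placeholder addresses: one admin workstation and one office/VPN range.
    # Anything not listed receives 403 Forbidden before the application runs.
    <RequireAny>
        Require ip 203.0.113.10
        Require ip 198.51.100.0/24
    </RequireAny>
</LocationMatch>
```

Run `apachectl configtest` before reloading, then request `/cp` from an address outside the list and confirm a 403 in the access log.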