Did an interesting install for someone today….
Like we all know, put something on the net, and it can be found. Having said that though, the security of any data is relative only to the abilities of the person trying to gain access. I’ve used .htaccess and passwords before, and I’ve helped a number of people set that up for their own sites. Had an email this morning from someone who wanted something slightly more secure – at least we think it is.
First, a .htaccess with password access was set up.
That lead to a link, which when clicked, used another .htaccess that checked the IP address, and that linked to the ‘secret’ page. Once they go to the wordpress-powered page, the tracking script (as written by DelyMyth) not only recorded all the visitors details, but it also sent an email to the site owner – that was the bit I added :)
Now I’m not going to pretend that this is super-secure, but doing it was interesting, and I was quite pleased with the email thing – might use that myself at some point …..
The one issue which we could not definitively work around was the inevitable referrers information that can be gleaned. There were “Exit” links for the visitors to use that lead to an innocuous page on this person’s site, but of course if they aren’t used ……… I guess that was what lead them to ask for 2 levels of .htaccess
Kept me busy for a while though !