Protecting password files stored in the CMS

With the release of Page Safe 1.4.0, Joe has allowed you to use Total CMS to set the passcodes. When managing passcodes with Total CMS, they are stored in a plain text file inside the CMS. This text file is not listed anywhere and not easily discoverable, but it is still in a vulnerable spot. You can lock down this file and not make is accessible via the web with an htacccess rule. If you already have an .htaccess file on your server, then add this code to it:

<Files pagesafe.cms>
order allow,deny
deny from all
</Files>

If you do not already have a .htaccess file, it is very easy to make. Just use TextEdit, add that code to the file and save it as htaccess (do not add the period before the word or it will go invisible). Copy that to the main directory on your server. Once it is there, then add the period before the name and you will be good to go.

Now go forth and make your websites great!

Deal of the Week

Latest Updates

icon
Foundation 6
54459
Total CMS
137016
Sitelok
icon
Feeds API

Latest Live Stream

thumb

iFrame Tips and Tricks with the Offsite stack

Latest Design

HANGOUTS

Next Hangout Session
Friday, March 21

Subscribe

For product releases and updates by email, please subscribe below.

© 2025 Weavers Space | Terms of Service | Privacy Policy

HelpShelfHelpShelf