
One of the best approaches to securing the Magento downloader section is to allow only specific IP addresses to reach that location. The code below does just that. Add it to the .htaccess file at [your root folder]/downloader/.htaccess.
The Code
```apache
## Deny access to downloader section for all ips. Allow access only to those listed below:
order deny,allow
deny from all
allow from XX.XX.XXX.XXX
allow from XX.XX.XXX.XXX
```
In the code above, replace each XX.XX.XXX.XXX with your own IP address. Add a further "allow from" line for each additional IP address that should have access.
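The order/deny/allow directives above are the Apache 2.2 syntax; on Apache 2.4 they only work when mod_access_compat is loaded. The following variant is an added example, not part of the original post, that applies the same allowlist on either version; 203.0.113.10 and 198.51.100.0/24 are constructed placeholder addresses.

```apache
## Deny access to the downloader section for all IPs except those listed.
## 203.0.113.10 and 198.51.100.0/24 are constructed placeholder addresses.

# Apache 2.4 and later: access control is handled by mod_authz_core.
# Several Require lines are ORed, so a client matching any one is allowed
# and every other client is refused.
<IfModule mod_authz_core.c>
    Require ip 203.0.113.10
    Require ip 198.51.100.0/24
</IfModule>

# Apache 2.2: fall back to the older directives used in the post.
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
    Allow from 198.51.100.0/24
</IfModule>
```

After saving the file, request /downloader/ from an address that is not on the list and confirm the server answers 403 Forbidden. If the rules appear to be ignored, check that the AllowOverride setting for the site permits these directives in .htaccess files (AuthConfig for Require, Limit for Order/Deny/Allow).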