How To Disable Sitecore Admin From Your Content Delivery Servers

When you work with any CMS platform, a content editor has to type the back-end URL into a browser in order to access the CMS; with Sitecore this URL will look like this:
The whole point of a website is that people can come and take a look at it, and out of the box anyone can access this URL. This means that if some clever dick typed /Sitecore at the end of your domain, they would get access to the login page. If they combine this with a brute-forcing technique, they may eventually get access to the back end. For this reason, it's always best practice to prevent a site visitor, or anyone external to your company, from accessing the admin login page.

If you run your Sitecore environment in a staging/live environment then this is pretty easy. You can disable the Sitecore admin on the live nodes and keep it open in your auth/staging environment.

Exposing the Sitecore back end to the whole world adds quite a big security vulnerability. The quick and easy way to lock an environment down is via IIS authentication. In IIS, open up your website and open the Sitecore folder.

Select the 'Admin' folder and select 'Authentication'.

From the authentication dialog, make sure Anonymous Authentication is set to Disabled. You also need to repeat this on the 'login' folder.

After doing this, try to load your Sitecore admin. When you try to view the back-end Sitecore login page, you will now see a 401.2 - Unauthorized error instead of the Sitecore log-in page.
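The same change can be scripted and then checked from the outside. This is an added example, not part of the original post: it uses the IIS WebAdministration PowerShell module to disable Anonymous Authentication on the two folders named above, then requests each folder without credentials and confirms the response is a 401. The site name and hostname are assumptions to replace with your own.

```powershell
# Added example. $siteName and $baseUrl are assumptions; replace with your own values.
Import-Module WebAdministration

$siteName = 'Default Web Site'          # assumption: IIS site name on the content delivery node
$baseUrl  = 'https://www.example.com'   # assumption: public hostname of that node
$folders  = 'sitecore/admin', 'sitecore/login'
$filter   = 'system.webServer/security/authentication/anonymousAuthentication'
$apphost  = 'MACHINE/WEBROOT/APPHOST'   # writes a <location> entry to applicationHost.config

foreach ($folder in $folders) {
    $location = "$siteName/$folder"

    # Same change as the Authentication dialog: Anonymous Authentication -> Disabled.
    Set-WebConfigurationProperty -PSPath $apphost -Location $location `
        -Filter $filter -Name enabled -Value $false

    # Read the setting back so a silent failure does not go unnoticed.
    $enabled = (Get-WebConfigurationProperty -PSPath $apphost -Location $location `
        -Filter $filter -Name enabled).Value
    Write-Output "$location anonymousAuthentication enabled = $enabled"

    # Request the folder without credentials; Invoke-WebRequest throws on a 401 response,
    # so the status code is taken from the exception in that case.
    try {
        $response = Invoke-WebRequest -Uri "$baseUrl/$folder/" -UseBasicParsing -MaximumRedirection 0
        $status = [int]$response.StatusCode
    } catch {
        $status = if ($_.Exception.Response) { [int]$_.Exception.Response.StatusCode } else { 0 }
    }

    if ($status -eq 401) {
        Write-Output "$baseUrl/$folder/ -> 401, anonymous visitors are blocked"
    } else {
        Write-Warning "$baseUrl/$folder/ -> $status, expected 401"
    }
}
```

Run it in an elevated PowerShell session on the content delivery server; a status of 0 means the request never got an HTTP response (DNS, TLS or connectivity), not that the folder is open.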

Jon D Jones

Software Architect, Programmer and Technologist

Jon Jones is founder and CEO of London-based tech firm Digital Prompt. He has been working in the field for nearly a decade, specializing in new technologies and technical solution research in the web business. A passionate blogger at heart, speaker & consultant from England, always on the hunt for the next challenge.