Kinsta’s Managed WordPress Hosting customers can now restrict access to their websites via SFTP/SSH and to their phpMyAdmin database dashboards to clients connecting only from allowed IP addresses.
This security enhancement is in addition to other recent updates to SFTP/SSH configuration within the MyKinsta dashboard that help guard access to your websites. The earlier enhancements added support for:
- Disabling SFTP/SSH access.
- Disabling passwords as an authentication method.
- Auto-expiration of passwords.
- Downloading access configurations for use in third-party applications.
With the addition of IP allowlists for SFTP/SSH and phpMyAdmin, you can eliminate connection attempts from unknown IP addresses.
How to configure IP allowlists in MyKinsta
IP allowlists are managed on the Site Information page in MyKinsta, found under WordPress Sites > sitename > Info.
On the SFTP/SSH panel, you’ll find an edit icon to the right of the IP allowlist label. Click that icon to begin adding or deleting IP addresses that are permitted to connect for shell or SFTP access:
Clicking the edit icon to manage an SFTP/SSH IP allowlist.
Similarly, you can specify IPs permitted to access the phpMyAdmin tool by clicking the edit icon beside the IP allowlist label in the Database access panel:
Clicking the edit icon to manage a phpMyAdmin IP allowlist.
Clicking the allowlist edit icon on either panel will launch an Update IP allowlist dialog like the one below:
Adding an IP address to an allowlist in MyKinsta.
Build an allowlist by entering valid addresses in the Add IP addresses field and clicking the Add button.
Some tips:
- You can add multiple IP addresses at once by separating them with commas.
- You can specify an IP address block using the usual syntax. Example: 35.238.77.1/32.
When an allowlist is active for SFTP/SSH or phpMyAdmin, the number of IPs allowed will be shown on the service’s panel on the Site Information page:
This Database access panel indicates the phpMyAdmin allowlist contains two IPs.
Removing addresses from the IP allowlist
There are two ways to remove entries within the Update IP allowlist dialog:
- Click the trashcan icon beside individual entries.
- Use the checkboxes to select entries in the list and then click the red Remove IP address(es) button.
We take security seriously at Kinsta
Kinsta leverages the Google Cloud and Cloudflare to provide additional protection for customer websites, including firewalling, DDoS protection, and free wildcard SSL.
Independent auditors have also confirmed our compliance with System and Organization Controls (SOC) security standards. To learn more, read Kinsta’s SOC 2 Type II report. (You can Request it through our Trust report page.)
Get started with our secure environment by finding the best web hosting plan for you.
The post Lock down SFTP/SSH and phpMyAdmin access with IP allowlists appeared first on Kinsta®.
This is a companion discussion topic for the original entry at https://kinsta.com/changelog/ip-allowlists/