MyBB Central

Full Version: Admin Security
How could I make my /admin/ directory secure?

Would renaming the directory affect my boards? If it does, how would I fix those effects?

Are there other ways of making it more secure other than renaming it?
Yes, renaming it to something is very helpful. Go to file manager, and replace the directory to whatever you want. Once you're done, open up config.php located in the 'inc' directory. Find something like $config['admin_dir'] = 'admin';, and replace admin with whatever you changed the directory to.
You can also edit .htaccess in your admin directory. If I were you, I'd also protect the config.php file from external locations, so you can only access it from your forum, and not from anywhere else.
How do I protect config.php from external locations? Also, thanks :)
Create .htaccess in your inc directory, and edit it by adding the code below.
Code:
# Protect config.php from external access
<files config.php>
Order deny,allow
deny from all
</files>
(Apr 27, 2011, 04:43 PM) peter chao wrote: Create .htaccess in your inc directory, and edit it by adding the code below.
Code:
# Protect config.php from external access
<files config.php>
Order deny,allow
deny from all
</files>

Would I create a .htaccess.php file and then upload it? (I honestly have no clue how to create a .htaccess file :/)
I changed the /admin directory to a custom name; for this example I'll just call it pasta.

As mentioned above "Once you're done, open up config.php located in 'inc' directory. Find something like $config['admin_dir'] = 'admin';, and replace" it with $config['admin_dir'] = 'pasta';.

The .htaccess file isn't a PHP file, it's simply called .htaccess. If your IP doesn't change, you can set it up so that only your IP address can access the AdminCP. Multiple IP addresses can be added as well if you want to add more admins.
So create a new text file, and paste the following code into it.
Code:
order deny,allow
deny from all
allow from 888.888.888.888
Replace the 888... with your external IP address.
Save it as .htaccess, and get rid of the file extension, which will most likely be .txt if you created a text file.
After saving it, upload it to the new admin directory "/pasta" so the file should be located "forumroot/pasta/.htaccess".

If you're looking for more security, there are plugins around that create a fake admin page, so that when it's accessed the login screen is shown as usual, but when someone tries to log into it, you are sent an email with the IP address, username and password used by the person trying to access the fake page.

That should be enough to keep your forum secure. Just make sure you do regular backups just in case someone tries to SQL inject your forum.
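A way to check that the three changes from the posts above are actually in place and agree with each other. This is an added example, not code from the thread or from MyBB; the function names, the sample tree and the address 203.0.113.10 are constructed, and it assumes the allow list holds only full IP addresses or CIDR ranges.

```python
import ipaddress
import re
import tempfile
from pathlib import Path

ADMIN_DIR = re.compile(r"\$config\['admin_dir'\]\s*=\s*'([^']+)'")
FILES_CFG = re.compile(r'<files\s+"?config\.php"?\s*>(.*?)</files>', re.I | re.S)
DENY_ALL = re.compile(r"^\s*deny\s+from\s+all\s*$", re.I | re.M)
ALLOW = re.compile(r"^\s*allow\s+from\s+(.+)$", re.I | re.M)

def read(path):
    return path.read_text() if path.is_file() else ""

def audit(root):
    """Return findings for a forum tree hardened as described in the thread."""
    root, findings = Path(root), []
    m = ADMIN_DIR.search(read(root / "inc" / "config.php"))
    admin = m.group(1) if m else "admin"
    if admin == "admin":
        findings.append("admin_dir is still the default 'admin'")
    if not (root / admin).is_dir():
        findings.append(f"config.php points at '{admin}' but that directory is missing")
    block = FILES_CFG.search(read(root / "inc" / ".htaccess"))
    if not (block and DENY_ALL.search(block.group(1))):
        findings.append("inc/.htaccess does not deny config.php")
    rules = read(root / admin / ".htaccess")
    if not DENY_ALL.search(rules):
        findings.append("admin .htaccess has no 'deny from all'")
    for addr in " ".join(ALLOW.findall(rules)).split():
        try:  # assumption: only full IPs or CIDR ranges are expected here
            ipaddress.ip_network(addr, strict=False)
        except ValueError:
            findings.append(f"admin .htaccess allows invalid address '{addr}'")
    return findings

def build_sample(root, admin="pasta", allow="203.0.113.10"):
    """Constructed sample tree; 203.0.113.10 is a documentation address."""
    root = Path(root)
    (root / "inc").mkdir(parents=True)
    (root / admin).mkdir()
    (root / "inc" / "config.php").write_text(f"<?php\n$config['admin_dir'] = '{admin}';\n")
    (root / "inc" / ".htaccess").write_text("<files config.php>\nOrder deny,allow\ndeny from all\n</files>\n")
    (root / admin / ".htaccess").write_text(f"order deny,allow\ndeny from all\nallow from {allow}\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample(Path(tmp) / "forum", allow="888.888.888.888")))
```

Run against a copy of the forum root, it reports a leftover 888.888.888.888 placeholder, a config.php that still names a directory that was renamed, or a missing deny rule.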
Ah I see. Thanks. :)
Yes, OK. Thank you!