MyBB Community Forums

Full Version: How to make admin page secure?
Any ideas?
Rename the default "admin" directory to something more obscure, then update /inc/config.php to reflect the new name (line 26, value of $config['admin_dir']).

You can also use Zash's Admin CP Honeypot modification.
You need to think of what you want to change it to.

Say you wanted to change it from /admin to /mybbadmin

Open inc/config.php

and change

$config['admin_dir'] = 'admin';

to

$config['admin_dir'] = 'mybbadmin';

Then change the admin directory name to mybbadmin or whatever you chose.

Next, you should remove the adminCP link or else all of this is useless.

Navigate to Templates & Styles > Templates > Header Templates > header_welcomeblock_member_admin

Then remove this:
&mdash; <a href="{$mybb->settings['bburl']}/{$admin_dir}/index.php">{$lang->welcome_admin}</a>

Then you're done.
(2011-08-22, 06:31 PM) Warrior01 wrote: You need to think of what you want to change it to.

Say you wanted to change it from /admin to /mybbadmin

Open inc/config.php

and change

$config['admin_dir'] = 'admin';

to

$config['admin_dir'] = 'mybbadmin';

Then change the admin directory name to mybbadmin or whatever you chose.

Next, you should remove the adminCP link or else all of this is useless.

Navigate to Templates & Styles > Templates > Header Templates > header_welcomeblock_member_admin

Then remove this:
&mdash; <a href="{$mybb->settings['bburl']}/{$admin_dir}/index.php">{$lang->welcome_admin}</a>

Then you're done.

&mdash; <a href="{$mybb->settings['bburl']}/{$admin_dir}/index.php">{$lang->welcome_admin}</a>

Why would he do that? The Admin CP link is only visible to administrators........
Because if the hacker gains access to the admin account then he can easily get to the Admin CP. If you remove the link, it makes it a little bit harder. However, I do not recommend removing the link directly from the template. There's a setting in ./inc/config.php around line 70 for that.
(2011-08-22, 06:34 PM) faviouz wrote: Because if the hacker gains access to the admin account then he can easily get to the Admin CP. If you remove the link, it makes it a little bit harder. However, I do not recommend removing the link directly from the template. There's a setting in ./inc/config.php around line 70 for that.
Line 36, you mean.
Yes, thank you. I tried to say it off my head but failed.
Yes, the reason someone would want to find the link to the ACP is because he has your account details, otherwise it would be useless. Removing the link would make it a bit harder. If you can't remember the link to type it in every time, just write it in Notepad or on Pastebin.
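
Added example, not part of any post above and not MyBB's own code: a shell check that the steps from this thread were applied consistently (config value changed, directory actually renamed, no leftover admin/ directory, Admin CP links hidden). It assumes the setting faviouz mentions is `$config['hide_admin_links']`, as in the stock inc/config.php; the function names and the sample tree are made up for the example.

```sh
#!/bin/sh
# Added example: audit a MyBB tree for the hardening steps in this thread.

# Print the value assigned to $config['<key>'] ($2) in config file $1.
mybb_config_value() {
    q="['\"]\\{0,1\\}"   # optional single or double quote (sed BRE)
    sed -n "s/^[[:space:]]*\\\$config\\[${q}$2${q}][[:space:]]*=[[:space:]]*${q}\\([^'\";]*\\)${q}[[:space:]]*;.*/\\1/p" "$1" | tail -n 1
}

# Report each hardening step that is missing; return the number of findings
# (99 if inc/config.php cannot be read).
audit_mybb_admin() {
    root=$1; cfg="$root/inc/config.php"; findings=0
    [ -r "$cfg" ] || { echo "ERROR: cannot read $cfg"; return 99; }
    dir=$(mybb_config_value "$cfg" admin_dir)
    hide=$(mybb_config_value "$cfg" hide_admin_links)

    if [ -z "$dir" ] || [ "$dir" = "admin" ]; then
        echo "FAIL: admin_dir is unset or still the default 'admin'"
        findings=$((findings + 1))
    fi
    if [ -n "$dir" ] && [ ! -d "$root/$dir" ]; then
        echo "FAIL: config names '$dir' but no such directory exists"
        findings=$((findings + 1))
    fi
    if [ "$dir" != "admin" ] && [ -d "$root/admin" ]; then
        echo "FAIL: a default admin/ directory is still present"
        findings=$((findings + 1))
    fi
    if [ "$hide" != "1" ]; then
        echo "WARN: hide_admin_links is not 1, front end still links to the Admin CP"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "OK: Admin CP is at '$dir' and its links are hidden"
    return "$findings"
}

# Build a constructed (not real) MyBB-like tree to try the audit offline.
# $1=root  $2=directory on disk  $3=admin_dir in config  $4=hide_admin_links
make_sample_tree() {
    mkdir -p "$1/inc" "$1/$2"
    printf "<?php\n\$config['admin_dir'] = '%s';\n\$config['hide_admin_links'] = %s;\n" \
        "$3" "$4" > "$1/inc/config.php"
}
```

Run `audit_mybb_admin /path/to/forum` after sourcing the file; a tree where the config was edited but the directory was never renamed reports two failures, which is the half-applied state that locks administrators out.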