Elxis CMS Forum

Support => General => Topic started by: Fragrancer on October 13, 2008, 04:43:29

Title: How to change administrator folder?
Post by: Fragrancer on October 13, 2008, 04:43:29

I wanted to change administrator foulder, because that is so default ( www/domain/administrator), the problem isn`t that i don`t trust to Elxis security, main problem is, that i don`t like defaults.


I supouse, i have two ways, how to do it.

1. Core hack [this sounds brutal]
or
2. adding some line to .htaccess [ i know how to redirect, but how to deny direct access to elxisrooot/administrator ? ]


Anybody have experience with this ? Any suggestion?



Sorry if this post seems duplicated, i used search, but i found only non-English topic releated with my question.
And also sorry for my English, it is not my native language.

Title: Re: How to change administrator folder?
Post by: datahell on October 13, 2008, 09:55:05

I suggest you to leave it as is, Elxis administration is very secure. Hackers do not attack directly administration area as it is almost impossible to be hacked. Most attacks are sql injections, tries to upload files to temporary directories, and global variables modifications. No one tries to break a login form.

You can enable administration login page cloaking feature that will hide the login form to all except thoe that know where it is.
https://forum.elxis.org/index.php?topic=1876.0 (https://forum.elxis.org/index.php?topic=1876.0)
When finish you will have something like this:
https://www.elxis.org/administrator/ (https://www.elxis.org/administrator/)

If you wish you can password protect administrator directory using htaccess. You can easily do this via most control panels. If you wish to do it manually:
http://www.addedbytes.com/apache/password-protect-a-directory-with-htaccess/ (http://www.addedbytes.com/apache/password-protect-a-directory-with-htaccess/)
http://www.freewebmasterhelp.com/tutorials/htaccess/3 (http://www.freewebmasterhelp.com/tutorials/htaccess/3)

Notice 1: If you password protect administrator directory you might face some problems as some front-end scripts use back-end files via http and they will not be able to access them.
Notice 2: Even if you rename administrator directory some one can easily find it with a site scan. So, it is useless to rename it. Real hackers (and not script kiddies) know many ways to bypass security restrictions. Elxis security is strong enough to deal with the 99.999999% of the attacks.

Title: Re: How to change administrator folder?
Post by: rentasite on October 13, 2008, 13:24:05

Quote from: Fragrancer on October 13, 2008, 04:43:29

the problem isn`t that i don`t trust to Elxis security, main problem is, that i don`t like defaults.

First of all welcome! And secondly... start trusting Elxis  ;) ;D

As datahell said, enable the login page cloaking.