Jump to content

Guides

Hiding the AdminCP

In older versions of Invision Community, the AdminCP provided an option to rename the /admin directory, hide the link to it on the front-end, and to add an additional username/password not specific to any particular user to access it. This provided an additional layer of security against someone gaining access to your AdminCP if they were able to find out your password.

This is a technique known as "security through obscurity" and while it has some effectiveness, Invision Community has more recently added support for Two Factor Authentication which is a much more modern and secure way of adding an additional layer of protection to your AdminCP. We recommend that all communities enable Two Factor Authentication for their administrators and move away from older security through obscurity techniques. You can set up Two Factor Authentication by going to AdminCP -> System -> Settings -> Two Factor Authentication.

If you do want to keep using the older security through obscurity techniques, this can still be done through configuration in constants.php. These methods will only work on self-hosted communities and are not available for Community in the Cloud communities.

 

To rename the /admin directory

  1. Actually rename the directory. Connect to your server via FTP and then browse to the directory your community is in. Locate the 'admin' directory. Choose 'rename' from your FTP client menu and rename it to whatever you like.
  2. Create a constants.php file with an opening <?php tag as described in the Using constants.php guide and add the following line to it, replacing "admin" with your new directory name. Save the file and upload it to your server in the same directory as conf_global.php.
define( 'CP_DIRECTORY', 'admin' );

 

To hide the link to the AdminCP

Create a constants.php file with an opening <?php tag as described in the Using constants.php guide and add the following line to it. Save the file and upload it to your server in the same directory as conf_global.php.

define( 'SHOW_ACP_LINK', FALSE );

 

To add an additional username/password

This will only work on Apache servers (to find out if you are using an Apache server, contact your hosting provider or system administrator).

  1. Connect to your server via FTP and then browse to the directory your community is in. Locate the 'admin' directory. In this directory, create a file called ".htaccess" with the contents below.
  2. In the same directory, create a file called ".htpasswd". Use this website to generate the correct contents.

Contents for .htaccess (replace /path/to/your/admin/directory/ with the correct path - contact your hosting provider or system administrator if you are unsure what to use):

ErrorDocument 401 "Unauthorized Access"
AuthType Basic
AuthName "Invision Community AdminCP"
AuthUserFile "/path/to/your/admin/directory/.htpasswd
Require valid-user

 

Edited by Mark

  Report Guide


×