Jump to content

Why is the ACP So insecure if you have my password?


OctoDev

Recommended Posts

  • Management
Posted

It's also worth mentioning that IPS4 has tools to allow you to rename the admin directory and to add .htaccess authentication to the admin directory if you are concerned with password stealing and so on.

  • Replies 53
  • Created
  • Last Reply
Posted
3 hours ago, Daniel F said:

You can already use the NO_WRITES constant which will disable following features:

  • installing new theme
  • installing apps
  • installing hook
  • installing editor plugins

Yes, but would that prevent template editing? I don't think so?

And what folders to be specific should I do that?

Posted

Just edit the config file to unlock and the when done just edit the config file to lock again. Still does exactly what you want plus adds more security because the hacker would have to know to unlock the no_writes constant. This adds that extra hurdle to tripping up a hacker.

Most likely add that to conf_global.php file.

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...