Jump to content

Why is the ACP So insecure if you have my password?

Featured Replies

  • Management

It's also worth mentioning that IPS4 has tools to allow you to rename the admin directory and to add .htaccess authentication to the admin directory if you are concerned with password stealing and so on.

  • Replies 53
  • Views 5.1k
  • Created
  • Last Reply
46 minutes ago, Daniel F said:

You can already use the NO_WRITES constant which will disable following features:

  • installing new theme
  • installing apps
  • installing hook
  • installing editor plugins

@Jimmy Gavekort That should do exactly what you want. :thumbsup:

  • Author
3 hours ago, Daniel F said:

You can already use the NO_WRITES constant which will disable following features:

  • installing new theme
  • installing apps
  • installing hook
  • installing editor plugins

Yes, but would that prevent template editing? I don't think so?

And what folders to be specific should I do that?

Just edit the config file to unlock and the when done just edit the config file to lock again. Still does exactly what you want plus adds more security because the hacker would have to know to unlock the no_writes constant. This adds that extra hurdle to tripping up a hacker.

Most likely add that to conf_global.php file.

Archived

This topic is now archived and is closed to further replies.

Recently Browsing 0

  • No registered users viewing this page.