
Any value in renaming the admin directory?


Square Wheels


Posted

I believe one of the security suggestions in the ACP is to rename the admin directory. Even if I do that, it's very easy to expose it.

On my two sites, if I go to any post and simply add a number to the URL (https://MySite.com/index.php?/topic/50809X-some-post) and hit enter, I get an error message that says Get Support on the bottom.  If I click that link, it tries to log me in to my ACP.

Is it me?  Did I set up something incorrectly?

Posted
3 minutes ago, Square Wheels said:

I believe one of the security suggestions in the ACP is to rename the admin directory. Even if I do that, it's very easy to expose it.

On my two sites, if I go to any post and simply add a number to the URL (https://MySite.com/index.php?/topic/50809X-some-post) and hit enter, I get an error message that says Get Support on the bottom.  If I click that link, it tries to log me in to my ACP.

Is it me?  Did I set up something incorrectly?

Do you see this also as guest / normal member? AFAIK only administrators with ACP access see the 'get support' message.

Posted
2 hours ago, Daniel F said:

Do you see this also as guest / normal member? AFAIK only administrators with ACP access see the 'get support' message.

Not surprisingly, you are correct. I logged out; now I see the Contact Us at the bottom of the error message.

Thanks!

  • 2 years later...
Posted

As long as you are self hosted you'd create a custom constants.php. We only recommend this for advanced users as it can break your entire site. The specific one is CP_DIRECTORY:

 

We honestly think instead of moving the location of the ACP you should just use 2FA instead to secure your ACP.

Posted
1 hour ago, Jennifer M said:

As long as you are self hosted you'd create a custom constants.php. We only recommend this for advanced users as it can break your entire site. The specific one is CP_DIRECTORY:

 

We honestly think instead of moving the location of the ACP you should just use 2FA instead to secure your ACP.

Or you could use a password for the directory; again, you need to be self hosted.

Posted
25 minutes ago, Ryan Ashbrook said:

Personally, I recommend Two Factor Authentication with Google Authenticator or Authy. That way it's tied to your mobile device.

If one loses their phone and they have forced Google Auth, can this situation ever be fixed?

Posted

I actually asked support about this and they told me

"Hello.

The feature whereby the admin panel URL could be renamed is being deprecated in an upcoming version, so we strongly recommend not doing that.

We suggest you instead enable and force the use of Two Factor Authentication (2FA) for anyone who has access to the Admin Panel.

It is far more secure than merely renaming the admin directory. Google Auth is the most common authenticator app and available on all phones now.

On the off chance that one of your staff does not have a mobile phone, when they first set up 2FA they can choose 3 questions from a provided list, with answers that only they would know, rather than use the auth app"

  • 2 weeks later...
Posted
On 8/13/2019 at 5:40 PM, SJ77 said:

If one loses their phone and they have forced Google Auth, can this situation ever be fixed?

Authy also has a Chrome app allowing you to get the codes without dragging your phone out. It's password protected as well, and if your phone goes AWOL you can restore it on the new phone.

Archived

This topic is now archived and is closed to further replies.
