Posted October 26, 2021
I have noticed lots of failed ACP attempts. How secure is the ACP? Are there any tips to harden security? Thank you in advance.
October 26, 2021, Community Expert
There are a number of things you could do...
- Require the use of 2FA for any account that can access the admin area.
- Rename the admin directory to something more obscure. (/ugaboogatest)
- Use a separate .htaccess password for the admin folder.
- Limit access to the admin folder to only known/trusted IP addresses.
- Use a Zero Trust solution to limit access to the admin folder (such as Cloudflare Teams).
October 26, 2021, Author
> There are a number of things you could do...
> - Require the use of 2FA for any account that can access the admin area.
> - Rename the admin directory to something more obscure. (/ugaboogatest)
> - Use a separate .htaccess password for the admin folder.
> - Limit access to the admin folder to only known/trusted IP addresses.
> - Use a Zero Trust solution to limit access to the admin folder (such as Cloudflare Teams).
What are the steps I need to take to rename the admin directory?
October 26, 2021
Please keep in mind that the ability to rename the ACP folder is going to be deprecated in a future release. We do not recommend doing that. Instead use the 2FA feature to secure your ACP, and you can also add an .htaccess login form to its folder for an extra layer of protection. (If you want to be even more secure, and assuming your staff have IP addresses which do not change frequently, you can use an "allow,deny" block in it with those IPs to further secure it.)
October 26, 2021, Author
> Please keep in mind that the ability to rename the ACP folder is going to be deprecated in a future release. We do not recommend doing that. (If you want to be even more secure, and assuming your staff have IP addresses which do not change frequently, you can use an "allow,deny" block in it with those IPs to further secure it.)
Hi, thank you for the information. I won't change the ACP in that case. Do you have some nginx-specific tips?
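An nginx counterpart to the .htaccess login and IP allowlist suggested above, added here as an example and not part of the original thread or of Invision Community's documentation. The `/admin/` path, IP addresses, htpasswd file and PHP-FPM socket are placeholder assumptions to replace with your own values.

```nginx
# Added example: restrict the ACP folder by source IP AND HTTP basic auth.
# Place inside the server { } block that serves the community.

# "^~" stops nginx from evaluating server-level regex locations (such as a
# global "location ~ \.php$") for /admin/ requests. Without it, the global
# PHP location would win for /admin/index.php and the restrictions below
# would never be applied to the PHP entry point.
location ^~ /admin/ {
    # Require both checks to pass. "satisfy any" would accept either one.
    satisfy all;

    # IP allowlist (placeholder documentation ranges).
    allow 203.0.113.10;
    allow 198.51.100.0/24;
    deny  all;

    # Extra password prompt, separate from the ACP login and its 2FA.
    auth_basic           "Restricted";
    auth_basic_user_file /etc/nginx/acp.htpasswd;   # placeholder path

    index index.php;

    # PHP must be handled inside this block because "^~" bypasses the
    # server-level PHP location. The allow/deny and auth_basic settings
    # above are inherited by this nested location.
    location ~ \.php$ {
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass  unix:/run/php/php-fpm.sock;   # placeholder socket
    }
}
```

If nginx sits behind a proxy or CDN, `allow`/`deny` see the proxy's address unless the real client IP is restored with the `ngx_http_realip_module` directives (`set_real_ip_from`, `real_ip_header`).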
October 26, 2021
> Use a Zero Trust solution to limit access to the admin folder (such as Cloudflare Teams)
I'm using this on all my installations.
October 26, 2021, Author
> I'm using this on all my installations.
Is there a resource to explain how to get this set up?