Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted March 18, 20223 yr Could you please help? ... May i know How to hide .............../admin to public? Regards,
March 20, 20223 yr I don't know how to hide it but you can use Cloudflare firewall rules to protect it. For example you can create a rule to only allow your IP or ISP to access the /admin/ url. This will make it very hard for attacker to hack your website.
March 20, 20223 yr Community Expert Could you please help? ... May i know How to hide .............../admin to public? Regards, What do you mean by hiding admin to public? Are you worried about the security? If so, you can use the required multi factor authentication to access the Admin Panel.
March 21, 20223 yr Check out the following guide: You can add the following to your constants.php file: Constant - CP_DIRECTORY Use - Name of your admin CP directory when changed from the default of 'admin' Example value - 'newcpdirectory'
March 21, 20223 yr Or even protect it via htaccess too: https://www.askapache.com/online-tools/htpasswd-generator/
March 28, 20223 yr Author Check out the following guide: You can add the following to your constants.php file: Constant - CP_DIRECTORY Use - Name of your admin CP directory when changed from the default of 'admin' Example value - 'newcpdirectory' Thank you so much for your info and help.....will try that.
March 28, 20223 yr CP_DIRECTORY is deprecated //-------------------------------------------------------------------------------------- // DEPRECATED OPTIONS: CHANGE AT YOUR OWN RISK // These constants were once customisable but their fucntionality should now be // considered deprecated. // AdminCP Obscurity Settings // It was once recommended for site owners to rename the directory for security // and set the CP_DIRECTORY constant so some links still work, the upgrader can put // files in the right place, etc. While it is still honoured, it is no longer recommended // as much more secure alternatives like two factor authentication now exist. 'CP_DIRECTORY' => 'admin', // The name of the directory where the AdminCP is
March 28, 20223 yr Sonya is correct. While renaming the admin folder is still possible at this time, the option to do so will be removed in an upcoming release, so please plan accordingly. We strongly recommend using 2FA for anyone that has ACP access.
April 28, 2024Apr 28 We strongly recommend using 2FA I tried the security questions. A very strange thing! I didn't understand how this would secure the account 🤔
April 28, 2024Apr 28 Community Expert I tried the security questions. A very strange thing! I didn't understand how this would secure the account 🤔 It adds another layer an attacker must overcome. Here’s a scenario in which this defense would prevent: A rather large number of people use the same usernames and passwords across multiple sites. If I get a list of credentials from another compromised site, I could try them on other sites like yours and because you used the same credentials… I now have access to your account without actually hacking your site/server/IPB instance. However with another set of questions, it’s much more likely the attacker would not have access to those as well and would be stopped. (It’s possible they could if they were targeting you specifically and had lots of info on you but it would stop those “attacks of opportunity”.) Now… it’s not as secure as something like having a 2FA implemented, but it’s better than nothing!
April 28, 2024Apr 28 Why didn't the IPB authors make sure that each user came up with individual questions for himself?
April 28, 2024Apr 28 Community Expert Why didn't the IPB authors make sure that each user came up with individual questions for himself? You can select from a list or make your own questions. The user would select a question and insert their own answer.
April 28, 2024Apr 28 Community Expert I'm making up a list of questions. And each user gives their own answer. Right? Yes. Users would supply their own answers, that is what makes it secure 🙂.
April 28, 2024Apr 28 Community Expert In addition, I would recommend asking unique questions… don’t use “what street did you grow up on?” for example. Generic questions can sometimes be figured out from looking at social media or other places.
June 4, 2024Jun 4 Could you please help? ... May i know How to hide .............../admin to public? Regards, htaccess it or change admin dir name htaccess and htpasswd
June 4, 2024Jun 4 change admin dir name This is no longer relevant. It is not recommended to do this. It is necessary to use two-factor authorization and protect the directory with a server password (htaccess and htpasswd).
June 11, 2024Jun 11 This is no longer relevant. It is not recommended to do this. It is necessary to use two-factor authorization and protect the directory with a server password (htaccess and htpasswd). true
