Could you please help? ... May i know How to hide .............../admin to public?

Regards,

I don't know how to hide it but you can use Cloudflare firewall rules to protect it.

For example you can create a rule to only allow your IP or ISP to access the /admin/ url. 

This will make it very hard for attacker to hack your website.

On 3/18/2022 at 4:19 PM, FelixT said:

Could you please help? ... May i know How to hide .............../admin to public?

Regards,

What do you mean by hiding admin to public? Are you worried about the security? If so, you can use the required multi factor authentication to access the Admin Panel. 

You can also rename it.

Check out the following guide:

You can add the following to your constants.php file:

Constant - CP_DIRECTORY

Use - Name of your admin CP directory when changed from the default of 'admin'

Example value - 'newcpdirectory'

 

Or even protect it via htaccess too: https://www.askapache.com/online-tools/htpasswd-generator/

On 3/21/2022 at 8:07 AM, Chris Anderson said:

Check out the following guide:

You can add the following to your constants.php file:

Constant - CP_DIRECTORY

Use - Name of your admin CP directory when changed from the default of 'admin'

Example value - 'newcpdirectory'

 

Thank you so much for your info and help.....will try that.

CP_DIRECTORY is deprecated 

//--------------------------------------------------------------------------------------
// DEPRECATED OPTIONS: CHANGE AT YOUR OWN RISK
// These constants were once customisable but their fucntionality should now be
// considered deprecated.

// AdminCP Obscurity Settings
// It was once recommended for site owners to rename the directory for security
// and set the CP_DIRECTORY constant so some links still work, the upgrader can put
// files in the right place, etc. While it is still honoured, it is no longer recommended
// as much more secure alternatives like two factor authentication now exist.
'CP_DIRECTORY'	=> 'admin',	// The name of the directory where the AdminCP is

 

Sonya is correct. While renaming the admin folder is still possible at this time, the option to do so will be removed in an upcoming release, so please plan accordingly.

We strongly recommend using 2FA for anyone that has ACP access.

On 3/29/2022 at 12:32 AM, Mark H said:

We strongly recommend using 2FA

I tried the security questions. A very strange thing! I didn't understand how this would secure the account 🤔

22 minutes ago, Egorkin said:

I tried the security questions. A very strange thing! I didn't understand how this would secure the account 🤔

It adds another layer an attacker must overcome. Here’s a scenario in which this defense would prevent:

A rather large number of people use the same usernames and passwords across multiple sites.  If I get a list of credentials from another compromised site, I could try them on other sites like yours and because you used the same credentials… I now have access to your account without actually hacking your site/server/IPB instance. 

However with another set of questions, it’s much more likely the attacker would not have access to those as well and would be stopped. (It’s possible they could if they were targeting you specifically and had lots of info on you but it would stop those “attacks of opportunity”.)  Now… it’s not as secure as something like having a 2FA implemented, but it’s better than nothing!
 

Why didn't the IPB authors make sure that each user came up with individual questions for himself?

18 minutes ago, Egorkin said:

Why didn't the IPB authors make sure that each user came up with individual questions for himself?

You can select from a list or make your own questions. The user would select a question and insert their own answer. 

I'm making up a list of questions. And each user gives their own answer. Right?

3 minutes ago, Egorkin said:

I'm making up a list of questions. And each user gives their own answer. Right?

Yes. Users would supply their own answers, that is what makes it secure 🙂. 

10 minutes ago, Jim M said:

Yes.

And that's cool! I'll try it today, thanks! 👍

In addition, I would recommend asking unique questions… don’t use “what street did you grow up on?” for example.  Generic questions can sometimes be figured out from looking at social media or other places. 

Yes, asking "What is the name of the UK capital?" it would be strange 🤣

On 3/18/2022 at 4:19 PM, FelixT said:

Could you please help? ... May i know How to hide .............../admin to public?

Regards,

htaccess it or change admin dir name 

htaccess and htpasswd

 

8 minutes ago, wegorz23 said:

change admin dir name 

This is no longer relevant. It is not recommended to do this.

It is necessary to use two-factor authorization and protect the directory with a server password (htaccess and htpasswd).

On 6/4/2024 at 3:07 PM, Egorkin said:

This is no longer relevant. It is not recommended to do this.

It is necessary to use two-factor authorization and protect the directory with a server password (htaccess and htpasswd).

true