Post by allsop » Mon Jun 29, 2009 8:40 am

Hi. I've searched for this on the board, no luck, so here it goes.

I'd like to change the "admin" folder name for extra security. Would this be a simple task or a complete nightmare?
Last edited by i2Paq on Fri Nov 26, 2010 2:21 pm, edited 1 time in total.
Reason: Topic moved



Post by phpuk » Mon Jun 29, 2009 8:55 am

If you are that worried, simply protect it using an .htaccess file; it would be a lot easier.


Post by Chrissy Poo » Mon Jun 29, 2009 9:34 am

Yes, use your .htaccess file.

You can set it to check the IP address, and if it's not yours it will redirect to another site.

Create a .htaccess file, put it in your admin folder, then paste this into the file:

Code: Select all

RewriteEngine On
RewriteBase /
# REMOTE_ADDR is always the client IP; the trailing $ makes the pattern match this one address only
RewriteCond %{REMOTE_ADDR} !^68\.193\.195\.1$
RewriteRule .* http://www.mybbstudios.com [R=301,L]

Change the IP address to yours and the bottom URL to the page to redirect other IP addresses to :)

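Whether an IP pattern in a rule like the one above admits exactly one address depends on its end anchor. The following check is an added example, not code from the thread; the function names are hypothetical and Python's `re` is assumed to behave like mod_rewrite's regex engine for these simple patterns.

```python
import ipaddress
import re

# Constructed inputs: the same rule with and without an end anchor on the IP pattern.
UNANCHORED = r"RewriteCond %{REMOTE_HOST} !^68\.193\.195\.1"
ANCHORED = r"RewriteCond %{REMOTE_ADDR} !^68\.193\.195\.1$"

COND = re.compile(
    r"^\s*RewriteCond\s+%\{REMOTE_(?:ADDR|HOST)\}\s+(!?)(\S+)", re.I | re.M
)


def admitted_clients(htaccess, network):
    """Return the addresses in `network` that the rule does NOT redirect.

    Assumption: Python's `re.search` stands in for mod_rewrite's regex match,
    which is also unanchored unless the pattern says otherwise.
    """
    found = COND.search(htaccess)
    if found is None:
        raise ValueError("no RewriteCond on the client address found")
    negated = found.group(1) == "!"
    pattern = re.compile(found.group(2))
    admitted = []
    for ip in ipaddress.ip_network(network):
        matched = pattern.search(str(ip)) is not None
        # The redirect fires when the condition holds; "!" inverts the match.
        redirected = (not matched) if negated else matched
        if not redirected:
            admitted.append(str(ip))
    return admitted


def report(htaccess, network="68.193.195.0/24"):
    admitted = admitted_clients(htaccess, network)
    return f"{len(admitted)} address(es) admitted, e.g. {admitted[:3]}"


if __name__ == "__main__":
    print("unanchored:", report(UNANCHORED))
    print("anchored:  ", report(ANCHORED))
```

Without the `$`, every address whose last octet starts with 1 (1, 10-19, 100-199) reaches the admin folder.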

Post by allsop » Tue Jun 30, 2009 4:09 am

Thank you.



Post by phpuk » Tue Jun 30, 2009 4:54 am

No problem


Post by Danto » Tue Jun 30, 2009 5:20 pm

Chrissy Poo wrote: Yes, use your .htaccess file.

You can set it to check the IP address, and if it's not yours it will redirect to another site.

Create a .htaccess file, put it in your admin folder, then paste this into the file:

Code: Select all

RewriteEngine On
RewriteBase /
# REMOTE_ADDR is always the client IP; the trailing $ makes the pattern match this one address only
RewriteCond %{REMOTE_ADDR} !^68\.193\.195\.1$
RewriteRule .* http://www.mybbstudios.com [R=301,L]

Change the IP address to yours and the bottom URL to the page to redirect other IP addresses to :)

This will cause issues if your IP changes regularly, say every 24 or 48 hours like most people's do. You'll lock yourself out.



Post by Chrissy Poo » Tue Jun 30, 2009 6:35 pm

Yes, you really need a static IP address for this to work. If your IP address does change, you will have to download the file and adjust the IP address.


Post by babaloo » Thu Jul 02, 2009 8:40 am

To change the admin name, go to config.php in admin and change the name "admin":

// HTTP
define('HTTP_SERVER', 'http://localhost/upload129/HERE/');
define('HTTP_CATALOG', 'http://localhost/upload129/');
define('HTTP_IMAGE', 'http://localhost/upload129/image/');

// HTTPS
define('HTTPS_SERVER', '');
define('HTTPS_IMAGE', '');

// DIR
define('DIR_APPLICATION', 'C:\wamp\www\upload129/HERE/');
define('DIR_SYSTEM', 'C:\wamp\www\upload129/system/');
define('DIR_DATABASE', 'C:\wamp\www\upload129/system/database/');
define('DIR_LANGUAGE', 'C:\wamp\www\upload129/HERE/language/');
define('DIR_TEMPLATE', 'C:\wamp\www\upload129/HERE/view/template/');
define('DIR_CONFIG', 'C:\wamp\www\upload129/system/config/');
define('DIR_IMAGE', 'C:\wamp\www\upload129/image/');
define('DIR_CACHE', 'C:\wamp\www\upload129/cache/');
define('DIR_DOWNLOAD', 'C:\wamp\www\upload129/download/');
define('DIR_CATALOG', 'C:\wamp\www\upload129/catalog/');


And if you want, you can still change the .htaccess.


Post by babaloo » Sun Jul 05, 2009 6:14 am

Don't forget to change the admin folder name, of course ;D


Post by wooody » Sat Jun 19, 2010 6:44 pm

babaloo wrote: Don't forget to change the admin folder name, of course ;D

Haha, nice explanation.



Post by RyanS » Wed Jul 14, 2010 6:38 am

Hi all!
I know I am coming into this late, but why not use the normal htaccess/htpasswd combo here?

For example, .htaccess file:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/my/.htpasswd
AuthGroupFile /dev/null
require valid-user

and in the .htpasswd file something like:
AdminX:phN.cMiLqAHlw

Or am I missing something?

Cheers!
R

OC 1.4.9.1 - Yes, I know I should upgrade but I have changed /added a lot of custom code :(



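With the htaccess/htpasswd combination, the strength of the login depends on which hash format the .htpasswd entries use. The following audit is an added example, not code from the thread; the function name is hypothetical, and apart from the first sample line (taken from the post above) the entries are constructed filler of the right shape.

```python
import re

# Password formats Apache accepts in an AuthUserFile; only bcrypt is kept as-is here.
SCHEMES = [
    ("bcrypt", re.compile(r"\$2[aby]\$\d\d\$[./A-Za-z0-9]{53}"), True),
    ("apr1-md5", re.compile(r"\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}"), False),
    ("sha1-unsalted", re.compile(r"\{SHA\}[A-Za-z0-9+/]{27}="), False),
    # Traditional crypt(3): 2 salt + 11 hash characters, password cut at 8 chars.
    ("des-crypt", re.compile(r"[./A-Za-z0-9]{13}"), False),
]


def audit_htpasswd(text):
    """Return (user, scheme, keep) for each entry; keep=False means re-hash it."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # an empty file yields no entries, so nobody can log in
        user, sep, secret = line.partition(":")
        if not sep or not user:
            findings.append((line, "malformed", False))
            continue
        for name, pattern, keep in SCHEMES:
            if pattern.fullmatch(secret):
                findings.append((user, name, keep))
                break
        else:
            findings.append((user, "plaintext-or-unknown", False))
    return findings


# Constructed sample: the first entry is the example line from the post above;
# the other hashes are filler strings of the right length, not real hashes.
SAMPLE = "\n".join([
    "AdminX:phN.cMiLqAHlw",
    "alice:$2y$10$" + "a" * 53,
    "bob:$apr1$" + "saltsalt" + "$" + "b" * 22,
    "carol:{SHA}" + "c" * 27 + "=",
    "dave:hunter2",
])

if __name__ == "__main__":
    for user, scheme, keep in audit_htpasswd(SAMPLE):
        print(f"{user:8} {scheme:22} {'ok' if keep else 're-hash with htpasswd -B'}")
```

A 13-character entry is the traditional crypt format, which only uses the first 8 characters of the password; `htpasswd -B` writes a bcrypt entry instead.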

Post by RHTDM » Thu Nov 25, 2010 9:42 pm

Dear All,

I also want to change the admin name. But instead of that, is there another way for my security?

Regards
Vilas



Post by al3xandr1a » Fri Nov 26, 2010 10:22 am

Yeah, it would be nice if there were a module of some sort to do this security stuff automatically - not just hiding the admin URL access. :drunk:

~al3xandr1a
Newbie / Student



Post by barblask » Tue May 31, 2011 9:15 pm

To change the admin name, go to config.php in admin and change the name "admin":

// HTTP
define('HTTP_SERVER', 'http://localhost/upload129/HERE/');
define('HTTP_CATALOG', 'http://localhost/upload129/');
define('HTTP_IMAGE', 'http://localhost/upload129/image/');

// HTTPS
define('HTTPS_SERVER', '');
define('HTTPS_IMAGE', '');

// DIR
define('DIR_APPLICATION', 'C:\wamp\www\upload129/HERE/');
define('DIR_SYSTEM', 'C:\wamp\www\upload129/system/');
define('DIR_DATABASE', 'C:\wamp\www\upload129/system/database/');
define('DIR_LANGUAGE', 'C:\wamp\www\upload129/HERE/language/');
define('DIR_TEMPLATE', 'C:\wamp\www\upload129/HERE/view/template/');
define('DIR_CONFIG', 'C:\wamp\www\upload129/system/config/');
define('DIR_IMAGE', 'C:\wamp\www\upload129/image/');
define('DIR_CACHE', 'C:\wamp\www\upload129/cache/');
define('DIR_DOWNLOAD', 'C:\wamp\www\upload129/download/');
define('DIR_CATALOG', 'C:\wamp\www\upload129/catalog/');


And if you want, you can still change the .htaccess.

This is a good solution.

As an extra tip after that, it is good to make a new catalog called admin (empty) and put 2 files there:

.htaccess

Code: Select all

AuthUserFile /home/user/opencart/admin/.htpasswd
AuthGroupFile /dev/null
AuthName "Username:"
AuthType Basic

# No <Limit> wrapper, so the login is required for every HTTP method, not only GET and POST
require valid-user

And second,
.htpasswd (empty)

Code: Select all

 
Nice little surprise for a hacker. While he tries to hack the empty folder, your real admin catalog is still safe, because he isn't looking for it ;-]



Post by RyanS » Tue May 31, 2011 10:09 pm

barblask wrote: As an extra tip after that, it is good to make a new catalog called admin (empty) and put 2 files there:

.htaccess

Code: Select all

AuthUserFile /home/user/opencart/admin/.htpasswd
AuthGroupFile /dev/null
AuthName "Username:"
AuthType Basic

# No <Limit> wrapper, so the login is required for every HTTP method, not only GET and POST
require valid-user

And second,
.htpasswd (empty)

Code: Select all


Nice little surprise for a hacker. While he tries to hack the empty folder, your real admin catalog is still safe, because he isn't looking for it ;-]

Haha!

Good idea! I like the way you think >:D


Post by quokka » Mon Jun 20, 2011 4:27 pm

Thanks a lot!
I like this fix! :laugh:



Post by Chitranjan » Mon Jul 18, 2011 7:30 pm

Hi barblask -

Thanks for the post, I have changed the admin folder name and it's working fine.

After that I created an Admin folder in my root directory with two files, .htaccess and .htpasswd.

But I have a query: after doing these changes, what will my page look like when I ping http://www.storename\admin

Please help.



Post by lunja » Fri Sep 16, 2011 12:18 am

Is this working in 1.5.1 or later? I don't think so... because I have this in my config file:

Code: Select all

<?php
// HTTP
define('HTTP_SERVER', 'http://demothis.com/');
define('HTTP_IMAGE', 'http://demothis.com/image/');
define('HTTP_ADMIN', 'http://demothis.com/admin/');

// HTTPS
define('HTTPS_SERVER', 'http://demothis.com/');
define('HTTPS_IMAGE', 'http://demothis.com/image/');

// DIR
define('DIR_APPLICATION', '/demothis/public_html/demothis/catalog/');
define('DIR_SYSTEM', '/demothis/public_html/demothis/system/');
define('DIR_DATABASE', '/demothis/public_html/demothis/system/database/');
define('DIR_LANGUAGE', '/demothis/public_html/demothis/catalog/language/');
define('DIR_TEMPLATE', '/demothis/public_html/demothis/catalog/view/theme/');
define('DIR_CONFIG', '/demothis/public_html/demothis/system/config/');
define('DIR_IMAGE', '/demothis/public_html/demothis/image/');
define('DIR_CACHE', '/demothis/public_html/demothis/system/cache/');
define('DIR_DOWNLOAD', '/demothis/public_html/demothis/download/');
define('DIR_LOGS', '/demothis/public_html/demothis/system/logs/');

// DB
define('DB_DRIVER', 'mysql');
define('DB_HOSTNAME', 'localhost');
define('DB_USERNAME', 'demothis');
define('DB_PASSWORD', 'demothis');
define('DB_DATABASE', 'demothis_demothis');
define('DB_PREFIX', 'demothis_');
?>
And if I change just

Code: Select all

define('HTTP_ADMIN', 'http://demothis.com/admin/');

and the admin directory name, my site won't open... at all. So what shall I do? I mean, I have had OpenCart installed for a while now. Do I have to make that change before installing OpenCart, or?
Thanks for answering me :D :)



Post by Chaniyth » Mon Sep 19, 2011 10:54 pm

lunja wrote: Is this working in 1.5.1 or later? I don't think so... because I have this in my config file:

Code: Select all

<?php
// HTTP
define('HTTP_SERVER', 'http://demothis.com/');
define('HTTP_IMAGE', 'http://demothis.com/image/');
define('HTTP_ADMIN', 'http://demothis.com/admin/');

// HTTPS
define('HTTPS_SERVER', 'http://demothis.com/');
define('HTTPS_IMAGE', 'http://demothis.com/image/');

// DIR
define('DIR_APPLICATION', '/demothis/public_html/demothis/catalog/');
define('DIR_SYSTEM', '/demothis/public_html/demothis/system/');
define('DIR_DATABASE', '/demothis/public_html/demothis/system/database/');
define('DIR_LANGUAGE', '/demothis/public_html/demothis/catalog/language/');
define('DIR_TEMPLATE', '/demothis/public_html/demothis/catalog/view/theme/');
define('DIR_CONFIG', '/demothis/public_html/demothis/system/config/');
define('DIR_IMAGE', '/demothis/public_html/demothis/image/');
define('DIR_CACHE', '/demothis/public_html/demothis/system/cache/');
define('DIR_DOWNLOAD', '/demothis/public_html/demothis/download/');
define('DIR_LOGS', '/demothis/public_html/demothis/system/logs/');

// DB
define('DB_DRIVER', 'mysql');
define('DB_HOSTNAME', 'localhost');
define('DB_USERNAME', 'demothis');
define('DB_PASSWORD', 'demothis');
define('DB_DATABASE', 'demothis_demothis');
define('DB_PREFIX', 'demothis_');
?>
And if I change just

Code: Select all

define('HTTP_ADMIN', 'http://demothis.com/admin/');

and the admin directory name, my site won't open... at all. So what shall I do? I mean, I have had OpenCart installed for a while now. Do I have to make that change before installing OpenCart, or?
Thanks for answering me :D :)


You need to also change the information in the file /admin/config.php as well. Then it should work. :)



Post by iHandler » Mon Sep 19, 2011 11:13 pm

I think you can set a "Password Protected" area for the admin login. You can do it in cPanel.

1st Login - Password Protected area
*Username & password can be saved for the next time you enter the site.

2nd Login - http://www.yoursite.com/store/admin/index.php

Personally, I like this way since you don't need to rename the original folder; even if you rename it to another folder, the "hacker" can use a "scan script" to find which one the admin folder is.

Also, if you use an .htaccess file, you need to maintain this file and it could be a headache in the future (you need to remember it).

Try going to some other major B2C retail stores and "check it"; you will see they use this method quite commonly. Hope this helps ~

