Hi. I've searched for this on the board, no luck, so here it goes.
I'd like to change the "admin" folder name for extra security. Would this be a simple task or a complete nightmare?
Last edited by i2Paq on Fri Nov 26, 2010 2:21 pm, edited 1 time in total.
Reason: Topic moved
Yes, use your .htaccess file.
You can set it to check the IP address, and if it's not yours it will redirect to another site.
Create a .htaccess file and put it in your admin folder, then paste this in the file:
Code:
RewriteEngine On
RewriteBase /
# REMOTE_ADDR is always the client IP; the trailing $ stops 68.193.195.1xx from matching too
RewriteCond %{REMOTE_ADDR} !^68\.193\.195\.1$
RewriteRule .* http://www.mybbstudios.com [R=301,L]
Change the IP address to yours and the bottom URL to the page to redirect other IP addresses to.
This will cause issues if your IP changes regularly, say every 24 or 48 hours like most people's do. You'll lock yourself out.
Yes, you really need a static IP address for this to work. If your IP address does change, you will have to download the file and adjust the IP address.
To change the admin name, go to config.php in admin and change the name "admin":
// HTTP
define('HTTP_SERVER', 'http://localhost/upload129/HERE/');
define('HTTP_CATALOG', 'http://localhost/upload129/');
define('HTTP_IMAGE', 'http://localhost/upload129/image/');
// HTTPS
define('HTTPS_SERVER', '');
define('HTTPS_IMAGE', '');
// DIR
define('DIR_APPLICATION', 'C:\wamp\www\upload129/HERE/');
define('DIR_SYSTEM', 'C:\wamp\www\upload129/system/');
define('DIR_DATABASE', 'C:\wamp\www\upload129/system/database/');
define('DIR_LANGUAGE', 'C:\wamp\www\upload129/HERE/language/');
define('DIR_TEMPLATE', 'C:\wamp\www\upload129/HERE/view/template/');
define('DIR_CONFIG', 'C:\wamp\www\upload129/system/config/');
define('DIR_IMAGE', 'C:\wamp\www\upload129/image/');
define('DIR_CACHE', 'C:\wamp\www\upload129/cache/');
define('DIR_DOWNLOAD', 'C:\wamp\www\upload129/download/');
define('DIR_CATALOG', 'C:\wamp\www\upload129/catalog/');
And if you want, you can still change the .htaccess.
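A check for the rename described in the post above, as an added example that is not part of the original thread: it parses the define() lines of admin/config.php and reports any of the four constants marked HERE that does not point at the new folder. The folder name "panel" and the sample config are constructed for illustration.

```python
import re

# The constants the post marks with HERE, and what follows the admin folder in each.
ADMIN_CONSTANTS = {
    "HTTP_SERVER": "",
    "DIR_APPLICATION": "",
    "DIR_LANGUAGE": "language",
    "DIR_TEMPLATE": "view/template",
}
DEFINE_RE = re.compile(r"define\(\s*'([A-Z_]+)'\s*,\s*'([^']*)'\s*\)")

# Constructed sample: one constant was missed during the rename to "panel".
SAMPLE = r"""
define('HTTP_SERVER', 'http://localhost/upload129/panel/');
define('DIR_APPLICATION', 'C:\wamp\www\upload129/panel/');
define('DIR_LANGUAGE', 'C:\wamp\www\upload129/admin/language/');
define('DIR_TEMPLATE', 'C:\wamp\www\upload129/panel/view/template/');
"""

def parse_defines(php_text):
    """Return {constant: value} for every define('X', 'y') in the text."""
    return dict(DEFINE_RE.findall(php_text))

def admin_folder(value, suffix):
    """Folder name sitting where the admin directory belongs in one value."""
    parts = [p for p in re.split(r"[\\/]+", value) if p]
    tail = suffix.split("/") if suffix else []
    if tail and parts[-len(tail):] != tail:
        return None  # value does not end in the expected sub-path
    parts = parts[:len(parts) - len(tail)]
    return parts[-1] if parts else None

def check_rename(php_text, expected):
    """List constants that are missing or do not point at `expected`."""
    defines = parse_defines(php_text)
    problems = []
    for name, suffix in ADMIN_CONSTANTS.items():
        if name not in defines:
            problems.append(f"{name}: not defined")
            continue
        found = admin_folder(defines[name], suffix)
        if found != expected:
            problems.append(f"{name}: points at {found!r}, expected {expected!r}")
    return problems

if __name__ == "__main__":
    for problem in check_rename(SAMPLE, "panel"):
        print(problem)
```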
Hi all!
I know I am coming into this late, but why not use the normal htaccess/htpasswd combo here?
For example, .htaccess file:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/my/.htpasswd
AuthGroupFile /dev/null
require valid-user
and in the .htpasswd file something like:
AdminX:phN.cMiLqAHlw
Or am I missing something?
Cheers!
R
OC 1.4.9.1 - Yes, I know I should upgrade but I have changed /added a lot of custom code
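An audit of the .htpasswd format used in the post above, as an added example that is not part of the original thread: it classifies each entry by hash scheme and flags the ones whose format is weak, such as the 13-character crypt() hash shown for AdminX. The "backup" and "ops" entries are constructed placeholders, not real hashes.

```python
import re

# (scheme, pattern, weakness or None) for the hash formats Apache's htpasswd writes.
SCHEMES = [
    ("bcrypt", r"\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}", None),
    ("apr1-md5", r"\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}", None),
    ("sha1", r"\{SHA\}[A-Za-z0-9+/]{27}=", "unsalted single SHA-1"),
    ("des-crypt", r"[./A-Za-z0-9]{13}",
     "only the first 8 password characters count"),
]

# First entry is the one from the post; the other two are constructed.
SAMPLE = (
    "AdminX:phN.cMiLqAHlw\n"
    "# comment lines and blank lines are skipped\n"
    "backup:{SHA}" + "A" * 27 + "=\n"
    "ops:$2y$10$" + "a" * 53 + "\n"
)

def classify(hash_field):
    """Return (scheme, weakness) for the hash part of one entry."""
    for name, pattern, weakness in SCHEMES:
        if re.fullmatch(pattern, hash_field):
            return name, weakness
    return "unknown", "not a recognised hash (possibly plain text)"

def audit_htpasswd(text):
    """Return (line number, user, scheme, weakness) for every entry."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, hash_field = line.partition(":")
        if not sep or not user:
            findings.append((lineno, None, "malformed", "no user:hash separator"))
            continue
        scheme, weakness = classify(hash_field)
        findings.append((lineno, user, scheme, weakness))
    return findings

def weak_entries(text):
    """Users whose stored hash should be regenerated with a stronger scheme."""
    return [(user, scheme) for _, user, scheme, weakness in audit_htpasswd(text)
            if weakness]

if __name__ == "__main__":
    print(weak_entries(SAMPLE))
```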
Yeah, it would be nice if there is a module of some sort to do this security stuff automatically - not just hiding the admin URL access.
~al3xandr1a
Newbie / Student
This is a good solution.
As an extra tip after that, it is good to make a new catalog called admin (empty), and put 2 files there:
.htaccess
Code:
AuthUserFile /home/user/opencart/admin/.htpasswd
AuthGroupFile /dev/null
AuthName "Username:"
AuthType Basic
# No <Limit GET POST> wrapper: it would leave every other HTTP method unauthenticated
require valid-user
.htpasswd (empty)
barblask wrote: As an extra tip after that, it is good to make a new catalog called admin (empty), and put 2 files there:
.htaccess
And second,
.htpasswd (empty)
Nice little surprise for a hacker. While he tries to hack the empty folder, your real admin catalog is still safe, because he is not looking for it ;-]

Haha! Good idea! I like the way you think
Hi barblask -
Thanks for the post, I have changed the admin folder name and it's working fine.
After that I have created an Admin folder in my root directory with two files, .htaccess and .htpasswd.
But I have a query: after doing these changes, how will my page look when I ping it http://www.storename\admin
Please help
Is this working in 1.5.1 or later? I don't think so... because I have this in my config file
Code:
<?php
// HTTP
define('HTTP_SERVER', 'http://demothis.com/');
define('HTTP_IMAGE', 'http://demothis.com/image/');
define('HTTP_ADMIN', 'http://demothis.com/admin/');
// HTTPS
define('HTTPS_SERVER', 'http://demothis.com/');
define('HTTPS_IMAGE', 'http://demothis.com/image/');
// DIR
define('DIR_APPLICATION', '/demothis/public_html/demothis/catalog/');
define('DIR_SYSTEM', '/demothis/public_html/demothis/system/');
define('DIR_DATABASE', '/demothis/public_html/demothis/system/database/');
define('DIR_LANGUAGE', '/demothis/public_html/demothis/catalog/language/');
define('DIR_TEMPLATE', '/demothis/public_html/demothis/catalog/view/theme/');
define('DIR_CONFIG', '/demothis/public_html/demothis/system/config/');
define('DIR_IMAGE', '/demothis/public_html/demothis/image/');
define('DIR_CACHE', '/demothis/public_html/demothis/system/cache/');
define('DIR_DOWNLOAD', '/demothis/public_html/demothis/download/');
define('DIR_LOGS', '/demothis/public_html/demothis/system/logs/');
// DB
define('DB_DRIVER', 'mysql');
define('DB_HOSTNAME', 'localhost');
define('DB_USERNAME', 'demothis');
define('DB_PASSWORD', 'demothis');
define('DB_DATABASE', 'demothis_demothis');
define('DB_PREFIX', 'demothis_');
?>
and if I change just
Code:
define('HTTP_ADMIN', 'http://demothis.com/admin/');
and the admin directory name, my site won't open... at all... so, what shall I do... I mean, I have OpenCart installed for a while now. Do I have to do that change before installing OpenCart or?
Thanks for answering me
You need to also change the information in the file /admin/config.php as well. Then it should work.
I think you can set a "Password Protected" area for the admin login. You can do it in cPanel.
1st Login - Password Protected area
*Username & Password can be saved for the next time you enter the site.
2nd Login - http://www.yoursite.com/store/admin/index.php
Personally, I like this way since you don't need to rename the original folder; even if you rename it to another folder, the "hacker" can use a "scan script" to scan which one the admin folder is.
Also, if you use a .htaccess file, you need to maintain this file and it could be a headache in the future (need to remember it).
Try to go to some other major B2C retail stores and "check it"; you will see they use this method quite commonly. Hope this helps ~