Changing admin path

ryan2179

New Member
YetiShare User
Feb 5, 2013
2
0
0
I installed a tracking script to see if anyone has accessed /admin. I found it was accessed by 3 other IPs, and I've only had the site up for a few days. Obviously the password was changed as soon as I installed it so no one can get in it, but for security reasons is it possible to change the admin path of the script and not affect the site/script itself?

Right now I'm running a .htaccess script that disallows all IPs except for mine and someone who is working with me, but it sucked when earlier today I tried accessing it from my phone on the go and I didn't have access :lol:

Just thought I'd ask before I attempt it and cause any damage.
Thanks,
Ryan
 

ryan2179

New Member
YetiShare User
Feb 5, 2013
2
0
0
Thanks, just wanted to make sure that was all before doing it. Some things require changes elsewhere if I change it.
 

ysmods

New Member
Jan 29, 2013
860
1
0
UK
www.ysmods.com
You also have to edit _footer.php

Find:
Code:
echo '<strong>[ <a href="' . WEB_ROOT . '/admin/" target="_blank">' . t('admin_area', 'admin area') . '</a> ]</strong><br/><br/>';
Edit the /admin/ part to your new admin directory name.

For added security you could remove this code from _footer.php

Code:
<?php
if (($Auth->loggedIn() == true) && ($Auth->level == 'admin'))
{
    echo '<strong>[ <a href="' . WEB_ROOT . '/admin/" target="_blank">' . t('admin_area', 'admin area') . '</a> ]</strong><br/><br/>';
}
?>
You can also use .htpasswd to protect the directory for double password entry.

And for even more added security, if you're on a static IP (an IP that never changes), you could create a file in your admin directory, name it .htaccess and put the following into it.

Code:
##############################################
# Replace 12.34.56.78 with your IP address
##############################################
order deny,allow
allow from 12.34.56.78
deny from all
 

shopping1782

New Member
YetiShare User
Wurlie User
Reservo User
Sep 12, 2012
97
0
0
Btw if you do the .htaccess thing I would rather recommend protecting only the login page like this:
Code:
##############################################
# Replace 12.34.56.78 with your IP address
##############################################
<Files login.php>
order deny,allow
allow from 12.34.56.78
deny from all
</Files>
Because the broader range as suggested above disables translations (or at least its images) so if you are using them - beware.

Are there some other very important files apart from this one which will be probably bruteforced?
 

ysmods

New Member
Jan 29, 2013
860
1
0
UK
www.ysmods.com
I noticed that if you have any plugins installed, the admin side does not work until you change the following line in each of the files in the plugins admin folder

Code:
include_once('../../../admin/_local_auth.inc.php');
Change the "admin" section to whatever your admin directory is named.
 

adam

Administrator
Staff member
Dec 5, 2009
2,043
108
63
yetisharemods said:
I noticed that if you have any plugins installed, the admin side does not work until you change the following line in each of the files in the plugins admin folder

Code:
include_once('../../../admin/_local_auth.inc.php');
Change the "admin" section to whatever your admin directory is named.
I've changed this for the next release so the admin path isn't hard coded in any of the plugins. :)
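
Added example, not part of any post in this thread and not YetiShare's own code: a small shell helper that, once the admin directory has been renamed, lists the PHP lines still hard-coding the old name, such as the `_footer.php` link and the plugin `include_once` line mentioned above. The function names, the sample file contents and the `plugins/demo/admin` layout are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not YetiShare code): after renaming the admin directory,
# list PHP lines that still hard-code the old name as a path segment.

# find_admin_refs ROOT [OLD_NAME]   (OLD_NAME defaults to "admin")
# Prints file:line:text for each hit. The body runs in a subshell, so "exit"
# only leaves the function and its variables do not leak to the caller.
find_admin_refs() (
    root=$1
    old=${2:-admin}
    case $old in
        ''|*[!A-Za-z0-9_-]*) echo "unexpected directory name: $old" >&2; exit 2 ;;
    esac
    # A quote or slash, then the name, then a slash: matches '/admin/' and
    # '../admin/_local_auth.inc.php' but not 'admin_area' or level == 'admin'.
    pattern="['\"/]${old}/"
    # /dev/null forces grep to print the file name even for a single file.
    find "$root" -type f -name '*.php' \
        -exec grep -nE -- "$pattern" /dev/null {} + || true
)

# make_sample_tree: builds a constructed mini install in a temp directory
# (the file layout is an assumption for the demo) and prints its path.
make_sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/plugins/demo/admin" || return 1
    cat > "$t/_footer.php" <<'EOF'
<?php
if (($Auth->loggedIn() == true) && ($Auth->level == 'admin'))
{
    echo '<a href="' . WEB_ROOT . '/admin/">' . t('admin_area', 'admin area') . '</a>';
}
EOF
    cat > "$t/plugins/demo/admin/settings.php" <<'EOF'
<?php
include_once('../../../admin/_local_auth.inc.php');
EOF
    printf '%s\n' "<?php if (\$Auth->level == 'admin') { echo 'hi'; }" > "$t/index.php"
    echo "$t"
}

# Usage: sh find_admin_refs.sh /path/to/webroot [old_admin_dir_name]
if [ $# -gt 0 ]; then find_admin_refs "$@"; fi
```

An empty result means no PHP file under the web root still references the old directory name as a path.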