[n] Template Security

Unmaintained [n] Template Security 1.1.0

No permission to download
Compatible XF 1.x versions
  1. 1.0
  2. 1.1
  3. 1.2
  4. 1.3
  5. 1.4
  6. 1.5
Apache 2.0 License
Visible branding
Enhance the security on your site using this very basic add-on. There has been a surprising increase in malicious attacks to XenForo sites through injection of malicious code into your templates. Limiting the access of all templates to yourself and a small handful may not always be a possibility, so this add-on allows you to limit certain templates to certain users, reducing vulnerability to key templates like login handlers, page_container, change password pages, etc. in case a staff account is compromised.

  • Limit access to certain templates
  • Be able to give normal template access to administrators, and only be able to block certain templates rather than revoke all access
  • Securely limit templates through your library/config.php file, which means this cannot be affected by any web user - this must be done through the files
  • Ensure that normal administrators cannot disable this add-on - you must be a super admin (as defined in config.php) to disable this add-on
  • Send alerts to super admins on attempt of modifying a protected template (possibly be able to see account compromise/suspicious activity)
  • Prevent circumvention of this system - the add-on also checks template modifications

  1. Unzip aTemplateSecurity-{version}.zip
  2. Upload the contents of the upload directory to your XenForo installation
  3. Install the add-on by the following method:
    Admin CP -> Add-ons -> Install Add-on ->
    Install from uploaded file:
    Upload addon-aUserProfileProgress.xml
    Install from file on server:
  4. The add-on should now install, and a short rebuilding process should occur. Once done, the installation has been successful!

By default, any administrator with normal template editing permissions will be able to edit templates. Templates must be restricted, if you wish to restrict them. To do this, add this line to xf_root/library/config.php:
$config['template_security']['template_name'] = '1';
$config['template_security']['helper_login_form'] = '1';
$config['template_security']['PAGE_CONTAINER'] = '1';
$config['template_security']['account_security'] = '1';
$config['template_security']['login_bar_form'] = '1';
(you may use this code if you wish, it restricts the templates were raw passwords are embedded).

Change '1' to the user IDs of the users you want to be able to edit this template.

Please enter all template names in the case they are, so page_container will not work, as it is PAGE_CONTAINER (it is capitalised), whilst helper_login_form is all lowercase, so a mixed case or uppercase will not work. Please ensure the capitalisation of the template is correct.

In the features we mention that only super admins can disable this add-on. There is little purpose if a normal administrator can disable this add-on and circumvent the restriction. So, to disable this add-on, you must be a super admin. This isn't a super admin exclusive to this add-on, we just use XenForo's default super admin system for this, defined by:
$config['superAdmins'] = '1';
in the same file.

Open source
This add-on is open source, licensed under the Apache 2.0 License. Repository: https://github.com/nanocodeio/template-security

Note that support and updates are not provided for this add-on. If you need support, please reply to the thread. If you find a bug in the add-on, please open an issue on the repository linked. We appreciate all contributions to the add-on, and if you're able to make the changes yourself we'd appreciate it if you'd PR the changes back into the repository for the use of others.
  • Like
Reactions: Brandon Sheley
First release
Last update


5.00 star(s) 2 ratings

More resources from nanocode

  • MineSync, for XF2
    MineSync, for XF2
    MineSync integrates your Minecraft server with your XenForo forum, syncs ranks and links players!
  • MineSync Store
    MineSync Store
    Allow your players to purchase in-game ranks via user upgrades on your XenForo forum
  • Forum Rules
    Forum Rules
    Set up per-forum rules to ensure your users are aware of them, and acknowledge them.
  • Mollie Integration
    Unmaintained Mollie Integration
    Integration to accept payments via the Mollie payment gateway in XenForo
  • BitPay Integration
    Unmaintained BitPay Integration
    Accept cryptocurrencies (BTC, ETH, etc.) for payments via the BitPay payment gateway

Latest updates

  1. 1.1.0 Update

    Feature Additions: Alerts will now be sent to all super admins if a restricted template is...

Latest reviews

As is often said: "An ounce of Prevention, is worth a POUND of Cure."

That is sage advice to any administrator and this add-on can go a l-o-n-g way in protecting both your forum -and- your user's private data. The potential for the amount of hours this single add-on could save you is staggering, if/when someone ever tries to hack your forum.

It was developed in response to a security breach on TheAdminZone and works very well to arrest several issues that may arise (sooner or later) with any co-Administrators on your own forums. (Ref: https://theadminzone.com/threads/security-breach.138687/)

HIGHLY RECOMMENDED & THANXX to Apantic for taking the time/effort to develop this top-notch add-on!
Nice to have an add-on that helps with securing our forums from malicious code and attacks. Thanks for releasing it.
Top Bottom