1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Unmaintained [n] Template Security 1.1.0

Enhance the security on your site for yourself and for your members.

  1. nanocode
    Compatible XF Versions:
    • 1.0
    • 1.1
    • 1.2
    • 1.3
    • 1.4
    • 1.5
    Apache 2.0 License - https://github.com/Apantic/template-security/blob/master/LICENSE
    Visible Branding:
    Enhance the security on your site using this very basic add-on. There has been a surprising increase in malicious attacks to XenForo sites through injection of malicious code into your templates. Limiting the access of all templates to yourself and a small handful may not always be a possibility, so this add-on allows you to limit certain templates to certain users, reducing vulnerability to key templates like login handlers, page_container, change password pages, etc. in case a staff account is compromised.

    This add-on is free - we believe in promoting security and hopefully this assists with that. There is also no branding associated with this add-on.

    • Limit access to certain templates
    • Be able to give normal template access to administrators, and only be able to block certain templates rather than revoke all access
    • Securely limit templates through your library/config.php file, which means this cannot be affected by any web user - this must be done through the files
    • Ensure that normal administrators cannot disable this add-on - you must be a super admin (as defined in config.php) to disable this add-on
    • Send alerts to super admins on attempt of modifying a protected template (possibly be able to see account compromise/suspicious activity)
    • Prevent circumvention of this system - the add-on also checks template modifications


    1. Unzip aTemplateSecurity-{version}.zip
    2. Upload the contents of the upload directory to your XenForo installation
    3. Install the add-on by the following method:
      Admin CP -> Add-ons -> Install Add-on ->
      Install from uploaded file:
      Upload addon-aUserProfileProgress.xml
      Install from file on server:
    4. The add-on should now install, and a short rebuilding process should occur. Once done, the installation has been successful!

    By default, any administrator with normal template editing permissions will be able to edit templates. Templates must be restricted, if you wish to restrict them. To do this, add this line to xf_root/library/config.php:
    $config['template_security']['template_name'] = '1';
    $config['template_security']['helper_login_form'] = '1';
    $config['template_security']['PAGE_CONTAINER'] = '1';
    $config['template_security']['account_security'] = '1';
    $config['template_security']['login_bar_form'] = '1';
    (you may use this code if you wish, it restricts the templates were raw passwords are embedded).

    Change '1' to the user IDs of the users you want to be able to edit this template.

    Please enter all template names in the case they are, so page_container will not work, as it is PAGE_CONTAINER (it is capitalised), whilst helper_login_form is all lowercase, so a mixed case or uppercase will not work. Please ensure the capitalisation of the template is correct.

    In the features we mention that only super admins can disable this add-on. There is little purpose if a normal administrator can disable this add-on and circumvent the restriction. So, to disable this add-on, you must be a super admin. This isn't a super admin exclusive to this add-on, we just use XenForo's default super admin system for this, defined by:
    $config['superAdmins'] = '1';
    in the same file.

    No changes to the database!

    Branding Information

    This add-on does not contain any visible branding.


    This add-on is distributed under the Apache 2.0 License. See: https://github.com/Apantic/template-security/blob/master/LICENSE
    Brandon Sheley likes this.

Recent Updates

  1. 1.1.0 Update

Recent Reviews

  1. adwade
    Version: 1.1.0
    As is often said: "An ounce of Prevention, is worth a POUND of Cure."

    That is sage advice to any administrator and this add-on can go a l-o-n-g way in protecting both your forum -and- your user's private data. The potential for the amount of hours this single add-on could save you is staggering, if/when someone ever tries to hack your forum.

    It was developed in response to a security breach on TheAdminZone and works very well to arrest several issues that may arise (sooner or later) with any co-Administrators on your own forums. (Ref: https://theadminzone.com/threads/security-breach.138687/)

    HIGHLY RECOMMENDED & THANXX to Apantic for taking the time/effort to develop this top-notch add-on!
  2. viper357
    Version: 1.1.0
    Nice to have an add-on that helps with securing our forums from malicious code and attacks. Thanks for releasing it.