XF 1.5 Admin CP

[MirandaSings]

Just wondering, if someone hacks your admin CP (yes I am protective of my information and cautious) but you know things can happen. My last email was recently hacked so yeah.

What actions should be taken?

 

[BoostN]

Use two factor authentication (with the release of 1.5 stable) and change your admin password. Then have your host check logs to see how access was granted.

 

[MirandaSings]

Use two factor authentication (with the release of 1.5 stable) and change your admin password. Then have your host check logs to see how access was granted.

If they have access to your email, and get passed that, what other actions should be taken?

 

[Pieman]

Protecting admin.php and the install directory using .htaccess could help as it would prevent access to the admin.php control pannel without an additional username and password, that can't be reset via email.

 

[MirandaSings]

Oh wow a nice guide
Where it says
Order Deny,Allow
Deny from all
Allow from 127.0.0.1

do I put change localhost to my actual ip? And if so what if it changes?

 

[BoostN]

Oh wow a nice guide
Where it says
Order Deny,Allow
Deny from all
Allow from 127.0.0.1

do I put change localhost to my actual ip? And if so what if it changes?

Yes, your IP. You would have to change it each time your ISP changes your IP.

Since that just denies access on the application level, you can still FTP or SSH into your server and change as needed.

 

[MirandaSings]

You guys are the best! Works like a charm