XF 2.0 Admin panel path change

[mysimsek]

2.0 Library is Empty How to change Admin Panel Path?

 

[Lukas W.]

src is the new directory for internal code. Library only exists for upgrade reasons (or so I assume).

 

[mysimsek]

How to change Admin Panel Path?

 

[ludak]

I don't think you can

 

[Lukas W.]

Modify and move the Admin.php in your XenForo root. You'll have to do that for each upgrade.

 

[Emre]

How to change Admin Panel Path?

Use encryption instead of modifying. Admin.php and install folder. otherwise you will often get an error when updating!

 

[mysimsek]

I made the solution share here

https://xenforotr.com/konular/xenforo-2-0-admin-panel-yolu-degistirme.1972/post-8969

 

[Chris D]

There'll be a few templates to change, I think, for those places which link directly to admin.php, but the change to the routing formatter itself can be done without changing any core files in XF2.

Just add the following to your src/config.php file:

$c['router.admin.formatter'] = $c->wrap(function($route, $queryString)
{
   $suffix = $route . (strlen($queryString) ? '&' . $queryString : '');
   return strlen($suffix) ? 'not_admin.php?' . $suffix : 'not_admin.php';
});

Replace not_admin.php with whichever name you have renamed admin.php to.

 

[ludak]

@Chris D are there plans to make this configurable in future releases? I don't really like the fact that whoever knows what forums we are using can get to the admin page as well. We have 2 step auth set up for admins, but I am still sucker for best security possible

 

[DragonByte Tech]

@Chris D are there plans to make this configurable in future releases? I don't really like the fact that whoever knows what forums we are using can get to the admin page as well. We have 2 step auth set up for admins, but I am still sucker for best security possible

Implement .htaccess protection on admin.php. There is no reason to change it, as a determined attacker will find the new file name even if you name it 128 random letters.


Fillip

 

[Emre]

Implement .htaccess protection on admin.php. There is no reason to change it, as a determined attacker will find the new file name even if you name it 128 random letters.

Fillip

I agree

 

[Martok]

Implement .htaccess protection on admin.php. There is no reason to change it, as a determined attacker will find the new file name even if you name it 128 random letters.

^This.

There's even a guide on how to do this here:

https://xenforo.com/community/resou...and-the-install-directory-using-htaccess.353/

and it's easy enough to also do it if you're using Nginx (without Apache).

 

[Chris D]

With two step verification and TOTP, I’d be more than happy to give people my admin URL and my admin login details and good luck to them.

I’m not going to... but I’d be confident enough in it.

With a strong, unique password and 2FA protection you’ve got no worries at all.

 

[DragonByte Tech]

Then again it's not difficult to guess that your password is All-GDPR-And-No-2.1-Makes-Chris-A-Sad-Boy at this point


Fillip

 

[Chris D]

Damn. I think I’ve been compromised!

 

[mysimsek]

Thanks for help