XF 2.2 Can i change admin.php into something crypting.php?

hibiskus

Active member
Hey I wanted to ask if it would make any problem if I change the generic name admin.php to something like xn3qskdw9.php?
I am asking for security reasons, since that is a static point for black hats to try on.
I am not asking if this makes sense or not, simply if it would interfere or brake anything, which may rely on the naming of admin.php.
 
Last edited:

Ozzy47

Well-known member
There is no reason to change it, as a determined attacker will find the new file name even if you name it 128 random letters.

A common approach is to secure it with a password.

 

hibiskus

Active member
He could also find out my password, but for that he has to first find out the file name.
Nothing is unattackable you can only make the effort higher.

Changing the filename from default name is out of question still an additional layer.
As specially this kind of layer will work against some many standard simple bot attacks.
But I like the idea very much to secure it with htaccess/apache additionally, thank you for the hint.

So you did not concretely answered to my question, so I can change for example to 128 random letters, without anything braking? :p
 

Mendalla

Well-known member
He could also find out my password, but for that he has to first find out the file name.
Nothing is unattackable you can only make the effort higher.
Almost no one in IT believes in security through obscurity anymore. It delays the inevitable at best. Make sure all admin accounts have 2FA enabled and use the measures in the thread Ozzy posted about .htaccess. And use those even if you do rename it because those are what will protect you, not the rename.
 
Top