XF 2.2 Can i change admin.php into something crypting.php?

hibiskus

hibiskus

Active member
Hey I wanted to ask if it would make any problem if I change the generic name admin.php to something like xn3qskdw9.php?
I am asking for security reasons, since that is a static point for black hats to try on.
I am not asking if this makes sense or not, simply if it would interfere or brake anything, which may rely on the naming of admin.php.
 
Last edited:
Sort by date Sort by votes
There is no reason to change it, as a determined attacker will find the new file name even if you name it 128 random letters.

A common approach is to secure it with a password.

xenforo.com

Protecting admin.php, the /install directory, and test & development installations using .htaccess

If you want to provide an extra layer of protection to admin.php, the /install directory, and test & development installations, you can do so with .htaccess authentication. Protecting admin.php To protect admin.php, edit the .htaccess file...
xenforo.com xenforo.com
 
Upvote 1 Downvote
He could also find out my password, but for that he has to first find out the file name.
Nothing is unattackable you can only make the effort higher.

Changing the filename from default name is out of question still an additional layer.
As specially this kind of layer will work against some many standard simple bot attacks.
But I like the idea very much to secure it with htaccess/apache additionally, thank you for the hint.

So you did not concretely answered to my question, so I can change for example to 128 random letters, without anything braking? :p
 
Upvote 0 Downvote
hibiskus said:
He could also find out my password, but for that he has to first find out the file name.
Nothing is unattackable you can only make the effort higher.
Click to expand...
Almost no one in IT believes in security through obscurity anymore. It delays the inevitable at best. Make sure all admin accounts have 2FA enabled and use the measures in the thread Ozzy posted about .htaccess. And use those even if you do rename it because those are what will protect you, not the rename.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

M
  • Question Question
XF 2.2 Is there an email bounce block list/blacklist/blocklist? Or is the only record the user state change? Can accounts be blocked for bounced emails?
Replies
6
Views
805
MaximilianKohler
M
thedunes
  • Question Question
XF 2.2 Where do I store the JPG for a custom user badge?
Replies
5
Views
303
thedunes
thedunes
H
  • Question Question
XF 2.2 YouTube asking for CAPTCHA? (Xenforo 2.2.12 Cloud Hosted)
Replies
3
Views
2K
⭐ Alex ⭐
⭐ Alex ⭐
Vercingetorix
Activity Summary emails are the digital equivalent of junk mail.
Replies
3
Views
1K
Vercingetorix
Vercingetorix
I
  • Question Question
XF 2.1 Can I allow a user to create an new account, and take them to a specific URL?
Replies
1
Views
519
isuttie
I
Top Bottom