XF 2.2 Change Admin URL

thunderup

Active member
Is there a way to change the Admin URL so as to hide it from the "obvious" URL that it has as a default from unwanted visitors?
 
Yes, see this post:

There'll be a few templates to change, I think, for those places which link directly to admin.php, but the change to the routing formatter itself can be done without changing any core files in XF2.

Just add the following to your src/config.php file:
PHP:
$c['router.admin.formatter'] = $c->wrap(function($route, $queryString)
{
   $suffix = $route . (strlen($queryString) ? '&' . $queryString : '');
   return strlen($suffix) ? 'not_admin.php?' . $suffix : 'not_admin.php';
});
Replace not_admin.php with whichever name you have renamed admin.php to.

You can also just add .htaccess auth.

 
Yes, see this post:
Almost, but this does not work 100% - there are quite a few hardcoded calls to adminphp in JavaScript files related to
  • Uploading assets
  • Searching users
  • Editing code (templates)
Those would fail if the file is renamed, so to make them work further adjustments would be necessary so I don't think just changing templates and adjusting admin formatter like @Chris D suggested would fully work.
 
Yea, we limit access to the admin area by IP address, require 2FA for admin and moderators, and have SSL installed.
 
HTTP authentication, secure passwords and forcing 2FA should mitigate any concerns entirety.
I assume this probably isn't a simple answer, but is 2FA alone 100% bulletproof? I use the new 2FA built into iCloud's password manager (which works seamlessly). I would think that is enough to make the control panel literally impenetrable?
 
It requires something you know (the password) and something you have (the short lived, one time token) so yeah it should be pretty bullet proof in most cases.

You just don’t want your authentication device to fall into the wrong hands but typically that would require your actual device to be stolen and accessed which seems very unlikely.
 
Back
Top Bottom