
Forum Security / Admin account ?

Discussion in 'Forum Management' started by erich37, Nov 19, 2013.

  1. erich37

    erich37 Well-Known Member

    In order to have more security from potential hackers, does it make sense to create 2 Admin-Accounts?

    I mean: does it make sense to hide the "Admin username" and not make any posts with the "Admin-username"?

    So there would be literally 2 Admin-accounts:
    - one which you use to make Forum-posts and administer the Forums from the Frontend
    - another Admin-account for administrating the ACP-backend

    I am a bit unsure how this would work or if it makes sense at all.
    How are you guys doing it?

    Many thanks!
  2. CyclingTribe

    CyclingTribe Well-Known Member

    I don't think it's necessary. You might want to create a secondary, dormant admin account - for use in the unlikely event you do get "hacked" [or have your ACP compromised] - but providing you don't give your moderators too many high-level functions, and don't recruit too many people at 'admin' level, then you should be fine.

    If your board is ever genuinely hacked (most "hacks" are down to people sharing or misusing account/password information) then it is unlikely a secondary account would be much help as it would be easy to identify - it would belong to the Admin group!!

    Shaun :D
  3. erich37

    erich37 Well-Known Member


    I was just wondering if it is an issue when the "Admin username" is shown publicly at the frontend of the Forum...
    Since when a hacker sees and knows the "Admin username", then the only thing he needs to know is the Password to gain access to ACP.
  4. Amaury

    Amaury Well-Known Member

    Just rename the admin account that comes with XenForo and use that as your account.

    For example, if I owned a XenForo forum, I would just rename admin to Amaury and use that as my account.
  5. digitalpoint

    digitalpoint Well-Known Member

  6. erich37

    erich37 Well-Known Member

    You mean HT-Access for the Admin-path?
    Yeah, I am using this already.

    I was just wondering if the Admin-username at the frontend should be different to the Admin-username with which you access the ACP.
    And if yes, then how would you do this?

    Also, if you wanted to change your "Admin-path" from standard "domain.com/admin.php" towards a custom path like e.g. "domain.com/xyz123.php":
    How would you do this?

    Last edited: Nov 21, 2013
  7. digitalpoint

    digitalpoint Well-Known Member

    Personally, I don't bother having a different backend admin account. I force the HTTP AUTH login for my admin area, I block access by IP address, I only have one user with admin access (me) and my account also is set to use Two-Factor Authentication to log in. Long story short is you would need to know my password, have physical possession of my cell phone (and know my unlock code for cell phone) as well as be physically in my house.

    If someone is in my house, has my cell phone and knows how to unlock it and knows both my account password and HTTP AUTH username/password, well... I have bigger problems... mainly because there's someone in my house and I'm probably dead.
  8. erich37

    erich37 Well-Known Member

    Is there an Addon or something for those 2 things:
    - block access by IP address
    - my account also is set to use Two-Factor Authentication to log in

    Many thanks!
  9. digitalpoint

    digitalpoint Well-Known Member

    I do the IP blocking at the server level, not through an addon.
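
One way to combine the HTTP AUTH login and the server-level IP restriction described in the posts above, as an added example that is not from any poster in this thread. It assumes Apache 2.4 with `.htaccess` overrides enabled; the password file path and the IP address are placeholders.

```apache
# .htaccess in the forum root, next to admin.php (Apache 2.4 syntax).
# Added example: the AuthUserFile path and the IP below are placeholders.

<Files "admin.php">
    # HTTP Basic auth in front of the ACP login form.
    AuthType Basic
    AuthName "Restricted"
    # Keep the password file outside the web root so it cannot be downloaded.
    # Create it with: htpasswd -c /path/outside/webroot/.htpasswd someuser
    AuthUserFile /path/outside/webroot/.htpasswd

    # Weak form (do not use): two bare Require lines are implicitly wrapped
    # in <RequireAny>, so EITHER a valid password OR an allowed IP is enough.
    #   Require valid-user
    #   Require ip 203.0.113.10

    # Corrected form: <RequireAll> demands BOTH a valid HTTP AUTH login
    # AND a request coming from the allowed address.
    <RequireAll>
        Require valid-user
        Require ip 203.0.113.10
    </RequireAll>
</Files>
```

Basic auth sends the credentials only base64-encoded, so the admin path should be served over HTTPS.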
  10. MattW

    MattW Well-Known Member

  11. Liam W

    Liam W Well-Known Member

    Check my resources list. I have AdminCP Firewall and Second Level Login.
