XF 1.2 One final post-install question...

Lord-Cupre

Member
Ok, got Xenforo installed "with a little help from my friends" (thanks Adam!).

Anyway, are there any final nuggets of advice after installing, such as "Oh, by the way, you should have deleted the xyz file after installing, or hackers can delete your forums."

Or "oh, by the way, in user settings, be sure to set the abc parameter to 'no' or else hackers can insert html and do damage."

That's about it.

Thanks all,
Cupre
 

Tracy Perry

Well-known member
Anyway, are there any final nuggets of advice after installing, such as "Oh, by the way, you should have deleted the xyz file after installing, or hackers can delete your forums."
Or "oh, by the way, in user settings, be sure to set the abc parameter to 'no' or else hackers can insert html and do damage."
Only "nugget" I'd suggest would be password protect your /install directory and the admin.php. Use a different username and password other than your main forum administrator account info.
 

Liam W

Well-known member
Yeah, make sure you htaccess the admin.php file. I always check that file first - if it doesn't have htaccess protection, I wonder if they care for their site...

Just be sure to use different details as to the admin account's logins, otherwise it sort of defeats the purpose...
 

Lord-Cupre

Member
Thanks for the tip!
Since I am a bit of a noob, can you advise me via PM on how to do htaccess protection on the admin.php file?
Ie how do I do that?

Does it involve the CPanel or something?

Thanks
Cupre
 

Liam W

Well-known member
Thanks for the tip!
Since I am a bit of a noob, can you advise me via PM on how to do htaccess protection on the admin.php file?
Ie how do I do that?

Does it involve the CPanel or something?

Thanks
Cupre
If you have cPanel installed, just look for 'Password protect directories'. Find an unused directory, and set it up with a username or password.

(I don't believe you can do files from that menu)

In the .htaccess file in the directory, cut everything, but instead of the 'Require valid-user' line, place this:

<Files 'admin.php>
require valid-user
</Files>

into the root .htaccess

:)
 

Lord-Cupre

Member
Oops - I see what you mean about a Difft directory.
I put the .htaccess file in /community and it password protected the whole site!
 
Top