• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.2 One final post-install question...

#1
Ok, got Xenforo installed "with a little help from my friends" (thanks Adam!).

Anyway, are there any final nuggets of advice after installing, such as "Oh, by the way, you should have deleted the xyz file after installing, or hackers can delete your forums."

Or "oh, by the way, in user settings, be sure to set the abc parameter to 'no' or else hackers can insert html and do damage."

That's about it.

Thanks all,
Cupre
 

Tracy Perry

Well-known member
#4
Anyway, are there any final nuggets of advice after installing, such as "Oh, by the way, you should have deleted the xyz file after installing, or hackers can delete your forums."
Or "oh, by the way, in user settings, be sure to set the abc parameter to 'no' or else hackers can insert html and do damage."
Only "nugget" I'd suggest would be password protect your /install directory and the admin.php. Use a different username and password other than your main forum administrator account info.
 

Liam W

Well-known member
#7
Yeah, make sure you htaccess the admin.php file. I always check that file first - if it doesn't have htaccess protection, I wonder if they care for their site...

Just be sure to use different details as to the admin account's logins, otherwise it sort of defeats the purpose...
 
#8
Thanks for the tip!
Since I am a bit of a noob, can you advise me via PM on how to do htaccess protection on the admin.php file?
Ie how do I do that?

Does it involve the CPanel or something?

Thanks
Cupre
 

Liam W

Well-known member
#9
Thanks for the tip!
Since I am a bit of a noob, can you advise me via PM on how to do htaccess protection on the admin.php file?
Ie how do I do that?

Does it involve the CPanel or something?

Thanks
Cupre
If you have cPanel installed, just look for 'Password protect directories'. Find an unused directory, and set it up with a username or password.

(I don't believe you can do files from that menu)

In the .htaccess file in the directory, cut everything, but instead of the 'Require valid-user' line, place this:

<Files 'admin.php>
require valid-user
</Files>

into the root .htaccess

:)