• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.4 Securing XenForo directories

I have password protected the install folder and admin.php/admindav.php files. My question is, does the same need to be done to data, internal_data, js and library?

Should be worried about people trying to access files in these directories by typing in, say, "<url>/library/config.php"?


XenForo developer
Staff member
The out of the box configuration (for Apache) blocks all access to the library and internal_data directories. (The friendly URL config for Nginx also blocks them.)

Your data and js directories need to be accessible though.