• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

securing xenForo

Simon

Active member
#1
I did a quick search first and came back with nothing. Looked in the install.txt file and still no mention so here goes:

Are there any files or folder that we should remove / protect / rename after installation to make things more secure?

Just as an example on vb you should rename and protect the admincp and modcp folders and delete the install directory or install.php file.

Are there any tips for making xenforo more secure in these early beta stages?
 

Shadab

Well-known member
#4
Nopes. :)


1. You can add one more layer of authentication to admin.php using .htaccess/.htpasswd
Take a look at how it's done, here: http://tools.dynamicdrive.com/password/

2. After you successfully install XenForo, the installer automatically creates a lock file at /internal_data/install-lock.php, which prevents the installer from being run again. So nothing needs to be done on your part.

installer_lock.png
 

DSF

Well-known member
#7
It's simple to protect
Put this in your htaccess and create a .htpasswd ;)

Code:
<Files admin.php>
AuthName "Admin Only"
AuthType Basic
AuthUserFile .htpasswd
require valid-user
</Files>