Securing XenForo

Simon

I did a quick search first and came back with nothing. Looked in the install.txt file and still no mention so here goes:

Are there any files or folders that we should remove / protect / rename after installation to make things more secure?

Just as an example, on vB you should rename and protect the admincp and modcp folders and delete the install directory or install.php file.

Are there any tips for making XenForo more secure in these early beta stages?
 
Nopes. :)


1. You can add one more layer of authentication to admin.php using .htaccess/.htpasswd
Take a look at how it's done, here: http://tools.dynamicdrive.com/password/

2. After you successfully install XenForo, the installer automatically creates a lock file at /internal_data/install-lock.php, which prevents the installer from being run again. So nothing needs to be done on your part.

 
It's simple to protect.
Put this in your .htaccess and create a .htpasswd ;)

Code:
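# Require HTTP Basic authentication before admin.php is served
<Files admin.php>
AuthName "Admin Only"
AuthType Basic
# A relative path here is resolved against Apache's ServerRoot, not this folder,
# so give the absolute path to the .htpasswd file (placeholder shown)
AuthUserFile /absolute/path/to/.htpasswd
Require valid-user
</Files>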
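The two measures from this thread (the installer lock file and Basic authentication on admin.php) can be checked with a short script. This is an added example, not code from the thread or from XenForo; the function names `check_xf_hardening` and `make_sample` are hypothetical, and the sample install it builds is constructed.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Print findings for a XenForo directory; return the number of failed checks.
check_xf_hardening() {
    dir=$1 fails=0
    # Tip 2: without the lock file the installer could be run again.
    if [ -f "$dir/internal_data/install-lock.php" ]; then
        echo "OK   install lock present"
    else
        echo "FAIL install lock missing"; fails=$((fails + 1))
    fi
    # Tip 1: pull the uncommented <Files admin.php> block out of .htaccess.
    block=$(awk '/^[ \t]*#/ {next}
        tolower($0) ~ /<files[ \t]+"?admin\.php"?>/ {f = 1}
        f {print}
        tolower($0) ~ /<\/files>/ {f = 0}' "$dir/.htaccess" 2>/dev/null || true)
    if printf '%s\n' "$block" | grep -Eiq '^[[:space:]]*Require[[:space:]]+valid-user'; then
        echo "OK   admin.php requires a valid user"
    else
        echo "FAIL admin.php has no 'Require valid-user'"; fails=$((fails + 1))
    fi
    # Apache resolves a relative AuthUserFile against ServerRoot, not this folder.
    pwfile=$(printf '%s\n' "$block" |
        awk 'tolower($1) == "authuserfile" {gsub(/"/, "", $2); print $2; exit}')
    case $pwfile in
        "") echo "FAIL no AuthUserFile set"; fails=$((fails + 1)) ;;
        /*) if [ -s "$pwfile" ]; then
                echo "OK   password file found: $pwfile"
            else
                echo "FAIL password file missing or empty: $pwfile"; fails=$((fails + 1))
            fi ;;
        *)  echo "FAIL AuthUserFile '$pwfile' is a relative path"; fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Build a constructed sample install; $2 is the AuthUserFile value to write.
make_sample() {
    mkdir -p "$1/internal_data"
    : > "$1/internal_data/install-lock.php"
    echo 'admin:constructed-placeholder-hash' > "$1/.htpasswd"
    printf '<Files admin.php>\nAuthName "Admin Only"\nAuthType Basic\nAuthUserFile %s\nRequire valid-user\n</Files>\n' "$2" > "$1/.htaccess"
}

demo=$(mktemp -d)
make_sample "$demo" ".htpasswd"   # relative path: expected to fail one check
check_xf_hardening "$demo" || echo "failed checks: $?"
rm -rf "$demo"
```

Paths containing spaces are not handled by the `AuthUserFile` extraction.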
 