1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

securing xenForo

Discussion in 'XenForo Questions and Support' started by Simon, Oct 8, 2010.

  1. Simon

    Simon Active Member

    I did a quick search first and came back with nothing. Looked in the install.txt file and still no mention so here goes:

    Are there any files or folder that we should remove / protect / rename after installation to make things more secure?

    Just as an example on vb you should rename and protect the admincp and modcp folders and delete the install directory or install.php file.

    Are there any tips for making xenforo more secure in these early beta stages?
  2. Blandt

    Blandt Well-Known Member

    look into .htaccess

    it's done already
  3. Brogan

    Brogan XenForo Moderator Staff Member

    There is nothing else required other than the steps in the install.txt file.

  4. Shadab

    Shadab Well-Known Member

    Nopes. :)

    1. You can add one more layer of authentication to admin.php using .htaccess/.htpasswd
    Take a look at how it's done, here: http://tools.dynamicdrive.com/password/

    2. After you successfully install XenForo, the installer automatically creates a lock file at /internal_data/install-lock.php, which prevents the installer from being run again. So nothing needs to be done on your part.

    simon likes this.
  5. Blandt

    Blandt Well-Known Member

    Extra security is always nice ! :D
  6. Simon

    Simon Active Member

    Thanks for your replies. I like the extra idea of adding .htaccess/.htpasswd to admin.php :)
  7. DSF

    DSF Well-Known Member

    It's simple to protect
    Put this in your htaccess and create a .htpasswd ;)

    <Files admin.php>
    AuthName "Admin Only"
    AuthType Basic
    AuthUserFile .htpasswd
    require valid-user
  8. maidos

    maidos Active Member

    or dont have admin pw 1234 or admin

Share This Page