securing xenForo


Active member
I did a quick search first and came back with nothing. Looked in the install.txt file and still no mention so here goes:

Are there any files or folder that we should remove / protect / rename after installation to make things more secure?

Just as an example on vb you should rename and protect the admincp and modcp folders and delete the install directory or install.php file.

Are there any tips for making xenforo more secure in these early beta stages?


XenForo moderator
Staff member
There is nothing else required other than the steps in the install.txt file.



Well-known member
Nopes. :)

1. You can add one more layer of authentication to admin.php using .htaccess/.htpasswd
Take a look at how it's done, here:

2. After you successfully install XenForo, the installer automatically creates a lock file at /internal_data/install-lock.php, which prevents the installer from being run again. So nothing needs to be done on your part.



Active member
Thanks for your replies. I like the extra idea of adding .htaccess/.htpasswd to admin.php :)


Well-known member
It's simple to protect
Put this in your htaccess and create a .htpasswd ;)

<Files admin.php>
AuthName "Admin Only"
AuthType Basic
AuthUserFile .htpasswd
require valid-user