1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Security for admin accounts

Discussion in 'General XenForo Discussion and Feedback' started by xeanyngoat, Jun 9, 2014.

  1. xeanyngoat

    xeanyngoat Member

    Hi there,

    I cant post here: http://xenforo.com/community/threads/forum-security-admin-account.63439/ so started this thread. Thought it would be more secure to have a different display name to the login name (at least for admin accounts) for the extra protection, similar to WordPress. Seems a bit odd to me that straight out of the box someone only needs to guess a password for an admin account.

    Cheers.
     
  2. Brogan

    Brogan XenForo Moderator Staff Member

    The reason you can't post in that thread is because you haven't associated your forum user name with your license.

    How do you know which are admin accounts?

    If the site owner so wishes, they can remove the first account as an admin account and set up a new one.

    So then you would have to guess the account and the password.

    Not to mention defeating the .htaccess password/IP auth on the ACP log in.
     
    Adam Howard and Amaury like this.
  3. xeanyngoat

    xeanyngoat Member

    Thanks

    On some sites it would be pretty easy to figure out who the admins are because they would be the ones doing all the 'butt kicking', I guess :)

    Does this mean use a different account to do the posting with?

    I still think a useful solution is to allow different username to display name :) My thoughts.
     
  4. Newt

    Newt Active Member

    I think what you're looking for is pretty well explained here. Makes the user.1 Super Admin account no longer as exposed. Now the admin.php file can still be targeted, hence the .htaccess protection which adds a security layer.
     
    Adam Howard likes this.

Share This Page