Hiding the admin page

Discussion corner for Developers of Serendipity.
dddalex
Posts: 2
Joined: Mon Oct 30, 2006 2:16 am

Hiding the admin page

Post by dddalex »

Hello all... Please, how can I hide the admin page? Like make it more secure and more difficult to locate an entrance to the admin part of the site, but still maintain its functionality.

Thanks!
azel
Regular
Posts: 265
Joined: Thu Apr 21, 2005 4:28 am

Post by azel »

I believe you should be able to delete the link to your administration in your event plugins and then it won't show up.
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany

Post by garvinhicking »

And then, the Serendipity team makes very sure that your admin is as secure as it can be. So the only way to improve it is to look out for security issues in the PHP code, and help us clean them. However we think there is only pretty secure code. :)

Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
dddalex
Posts: 2
Joined: Mon Oct 30, 2006 2:16 am

changing admin page

Post by dddalex »

[quote="garvinhicking"]And then, the Serendipity team makes very sure that your admin is as secure as it can be. So the only way to improve it is to look out for security issues in the PHP code, and help us clean them. However we think there is only pretty secure code. :)

Best regards,
Garvin[/quote]

Thanks! I've already deleted the plugin link to the administration page. I asked this question because I used PHP Nuke for a website about a year ago and the administration part got hacked, even though there were no links to it on the site, so that is why I was wondering.

But thanks anyway!
Brendon K
Regular
Posts: 44
Joined: Thu Feb 23, 2006 10:35 pm
Location: Saratoga Springs, NY, USA

Post by Brendon K »

You'll also want to make sure that your password is pretty hard to guess. Since "Serendipity" or "s9y" is found on most pages of a Serendipity blog template (and default administration landing pages), a dictionary attack can still work quite well (and is what happened to my test s9y blog a year back -- good thing it was just a test!).

I've scrambled the "Powered by" text in my theme's template as well as used a much more secure password.

"What about the user name? You didn't say anything about the username!"
On most default installs of Serendipity, the author name of stories would be used as the login name. That leaves securing your password, and/or moving the default location of the admin page. Since the latter is more difficult and I'm not going to go into explaining how to do it, just make sure you use a fairly secure password. :) Letters, numbers, and symbols (@!%&#$).
They say, "Practice makes perfect," yet they also say, "Nobody's perfect." I don't get it.
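
An added example, not part of the thread or of the Serendipity code base: a Python check an admin could run on a candidate password, following the point in the post above that words visible on the blog feed dictionary guesses. The blog title, author name, 12-character minimum and substitution table are assumptions made for the illustration.

```python
import re

# Common substitutions undone before comparison (assumed, not exhaustive).
LEET = str.maketrans("013457@$!", "oieastasi")

def forms(text):
    """Lowercase variants of text: raw, de-leeted, and de-leeted letters only."""
    low = text.lower()
    plain = low.translate(LEET)
    return {low, plain, re.sub(r"[^a-z]", "", plain)}

def context_words(blog_title, authors, product=("Serendipity", "s9y")):
    """Words anyone can read off the public pages of the blog."""
    words = set(re.findall(r"\w{3,}", blog_title)) | set(authors) | set(product)
    return {f for w in words for f in forms(w) if len(f) >= 3}

def audit_password(password, blog_title, authors, min_len=12):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    # Letters, numbers and symbols, as the post recommends.
    classes = {"letter": r"[A-Za-z]", "number": r"\d", "symbol": r"[^A-Za-z0-9]"}
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    # Reject passwords built around a word shown on the site itself.
    pw_forms = forms(password)
    hits = sorted(w for w in context_words(blog_title, authors)
                  if any(w in f for f in pw_forms))
    if hits:
        problems.append("contains site word(s): " + ", ".join(hits))
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from any real blog.
    title, authors = "Alex's Travel Notes", ["alex"]
    for candidate in ("s9y-Admin!2006", "Ser3nd1p1ty!", "quiet-Harbor#47-lamp"):
        print(candidate, "->", audit_password(candidate, title, authors) or "ok")
```
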
Andyman77
Regular
Posts: 92
Joined: Mon Oct 17, 2005 2:50 pm
Location: London

Post by Andyman77 »

Just another idea for security. That would be to add a captcha request after X number of login failures. If you still fail that, and E-mail password & captcha.
Serendipity - Site, finished ;)
Mine that is ... so lots of nonsensical Stuff