
hiding the admin page

Posted: Mon Oct 30, 2006 2:19 am
by dddalex
Hello all... Please, how can I hide the admin page? Like make it more secure and more difficult to locate an entrance to the admin part of the site, but still maintain its functionality.

Thanks!

Posted: Mon Oct 30, 2006 4:56 am
by azel
I believe you should be able to delete the link to your administration in your event plugins and then it won't show up.

Posted: Mon Oct 30, 2006 10:56 am
by garvinhicking
And then, the Serendipity team makes very sure that your admin is as secure as it can be. So the only way to improve it is to look out for security issues in the PHP code, and help us clean them. However we think there is only pretty secure code. :)

Best regards,
Garvin

changing admin page

Posted: Thu Nov 02, 2006 2:45 pm
by dddalex
[quote="garvinhicking"]And then, the Serendipity team makes very sure that your admin is as secure as it can be. So the only way to improve it is to look out for security issues in the PHP code, and help us clean them. However we think there is only pretty secure code. :)

Best regards,
Garvin[/quote]

Thanks! I've already deleted the plugin link to the administration page. I asked this question because I used PHP Nuke for a website about a year ago and the administration part got hacked, even though there were no links to it on the site, so that is why I was wondering.

But thanks anyway!

Posted: Mon Nov 13, 2006 10:52 pm
by Brendon K
You'll also want to make sure that your password is pretty hard to guess. Since "Serendipity" or "s9y" is found on most pages of a Serendipity blog template (and default administration landing pages), a dictionary attack can still work quite well (and is what happened to my test s9y blog a year back -- good thing it was just a test!).

I've scrambled the "Powered by" text in my theme's template as well as used a much more secure password.

"What about the user name? You didn't say anything about the username!"
On most default installs of Serendipity, the author name of stories would be used as the login name. That leaves securing your password, and/or moving the default location of the admin page. Since the latter is more difficult and I'm not going to go into explaining how to do it, just make sure you use a fairly secure password. :) Letters, numbers, and symbols (@!%&#$).

Posted: Sat Dec 02, 2006 8:00 pm
by Andyman77
Just another idea for security. That would be to add a captcha request after X number of login failures. If you still fail that, and E-mail password & captcha.
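
Added example, not part of the thread and not Serendipity code: one way to implement the "captcha after X login failures" idea from the last post, which also slows the dictionary attack Brendon K describes. It goes slightly beyond the post by counting failures per account and per client address. The class name `LoginThrottle`, the threshold of 3, the 15-minute window and the sample address are assumptions; PHP 8 is assumed.

```php
<?php
// Added example (PHP 8): generic login throttle, not Serendipity code.
final class LoginThrottle
{
    private array $failures = []; // counter key => list of failure timestamps
    public function __construct(
        private int $captchaAfter = 3, // the post's "X"; value assumed
        private int $window = 900      // seconds a failure stays counted; assumed
    ) {}
    // Count per account and per client address, so neither many addresses
    // against one account nor one address against many accounts slips past.
    private function keys(string $user, string $ip): array
    {
        return ['user:' . strtolower($user), 'ip:' . $ip];
    }
    private function recent(string $key, int $now): array
    {
        $all = $this->failures[$key] ?? [];
        return array_values(array_filter($all, fn (int $t) => $now - $t < $this->window));
    }

    public function captchaRequired(string $user, string $ip, int $now): bool
    {
        foreach ($this->keys($user, $ip) as $key) {
            if (count($this->recent($key, $now)) >= $this->captchaAfter) return true;
        }
        return false;
    }

    public function attempt(string $user, string $ip, bool $pwOk, bool $captchaOk, int $now): string
    {
        $needCaptcha = $this->captchaRequired($user, $ip, $now);
        if ($pwOk && (!$needCaptcha || $captchaOk)) {
            unset($this->failures['user:' . strtolower($user)]); // IP counter only ages out
            return 'ok';
        }
        foreach ($this->keys($user, $ip) as $key) {
            $this->failures[$key] = [...$this->recent($key, $now), $now];
        }
        // Same answer whether or not the password was right, so it leaks nothing.
        return ($needCaptcha && !$captchaOk) ? 'captcha_required' : 'denied';
    }
}

// Constructed attempts against one account: [password ok, captcha ok, time in s].
$t = new LoginThrottle();
foreach ([[false, false, 0], [false, false, 5], [false, false, 9], [true, false, 12], [true, true, 20]] as [$pw, $cap, $now]) {
    echo $now, 's: ', $t->attempt('admin', '203.0.113.7', $pw, $cap, $now), PHP_EOL;
}
```

In a real blog the counters would live in the database or another shared store rather than in memory, and `$captchaOk` would come from whatever captcha check the site uses.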