If you would like to 'sort of' rename your Joomla administrator directory without having to modify any Joomla code or you don't want to have to use htpasswd to protect that directory, you can achieve it the following way.
This may help limit issues for joomla security in the future.
Steps #1
1. Create a new directory
in your root directory (eg. "myadmin")
2. Create an index.php
file in your "myadmin" directory..
$admin_cookie_code="1234567890";
setcookie("JoomlaAdminSession",$admin_cookie_code,0,"/");
header("Location: /administrator/index.php");
?>
setcookie("JoomlaAdminSession",$admin_cookie_code,0,"/");
header("Location: /administrator/index.php");
?>
3. Add this to .htaccess
of your real Joomla administrator directory
RewriteEngine On
RewriteCond %{REQUEST_URI}
^/administrator
RewriteCond %{HTTP_COOKIE}
!JoomlaAdminSession=1234567890
RewriteRule .* - [L,F]
Needless to say, you would choose another directory name for "myadmin" and change the cookie code "1234567890" to something else. Security through obfuscation is no substitute for the real thing but this might make you feel a little better.
Steps #2
1. define( ‘JPATH_ADMINISTRATOR’, JPATH_ROOT.DS.’administrator’ );
to
define( ‘JPATH_ADMINISTRATOR’, JPATH_ROOT.DS.’myadmin’ );
2. Create a new directory in your root directory (eg. “myadmin”)
3. Create an index.php file in your “myadmin” directory..
<?php
$admin_cookie_code=”999999999″;
setcookie(“JoomlaAdminSession”,$admin_cookie_code,0,”/”);
header(“Location: ../administrator/index.php”);
?>
$admin_cookie_code=”999999999″;
setcookie(“JoomlaAdminSession”,$admin_cookie_code,0,”/”);
header(“Location: ../administrator/index.php”);
?>
4. Add this to the beginning of index.php in real administrator folder
#administrator/index.php (modify , **do not replace**)
if ($_COOKIE['JoomlaAdminSession'] != “999999999″)
{
header(“Location: ../index.php”);
}
No comments:
Post a Comment