Change your Joomla Admin Folder Name or Path

If you would like to 'sort of' rename your Joomla administrator directory without modifying any Joomla code, and you don't want to use htpasswd to protect that directory, you can achieve it the following way.
This may help limit Joomla security issues in the future.
  1. Create a new directory in your root directory (e.g. "myadmin").
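  2. Create an index.php file in your "myadmin" directory:

    <?php
    // Shared secret; must match the value in the RewriteCond of step 3.
    $admin_cookie_code="1234567890";

    // Session cookie (expires=0), valid for the whole site (path "/").
    setcookie("JoomlaAdminSession",$admin_cookie_code,0,"/");
    header("Location: /administrator/index.php");
    ?>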

  3. Add this to the .htaccess file of your real Joomla administrator directory:

    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/administrator
    RewriteCond %{HTTP_COOKIE} !JoomlaAdminSession=1234567890
    RewriteRule .* - [L,F]

To enter your Joomla administration page, point your browser to "http://yoursite.com/myadmin/". The PHP code will set a cookie that expires at the end of the session and redirect you to your real administration page. No one will be able to load anything from the administrator directory without having gone through the "myadmin" directory first.

Needless to say, you would choose another directory name for "myadmin" and change the cookie code "1234567890" to something else. Security through obfuscation is no substitute for the real thing but this might make you feel a little better.
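
A hardened variant of the step 2 gate script, as an added example that is not the original author's code. It assumes PHP 7.3 or later; the constant names and the placeholder token are made up for illustration, and the token must be replaced with your own random value in both the script and the .htaccess rule.

```php
<?php
// Added example (assumes PHP 7.3+ for the setcookie() options array).
// ADMIN_GATE_TOKEN is a placeholder. Generate your own value once with:
//   php -r 'echo bin2hex(random_bytes(32)), PHP_EOL;'
const ADMIN_GATE_COOKIE = 'JoomlaAdminSession';
const ADMIN_GATE_TOKEN  = 'REPLACE_WITH_64_HEX_CHARACTERS';

// Fail closed if the placeholder was never replaced.
if (!preg_match('/^[0-9a-f]{64}$/', ADMIN_GATE_TOKEN)) {
    http_response_code(500);
    exit('Admin gate token is not configured.');
}

// Parent of this directory: "" for a site at the web root,
// "/mysite" for a site installed in a sub-folder.
$base = rtrim(str_replace('\\', '/', dirname($_SERVER['SCRIPT_NAME'], 2)), '/');

// Only mark the cookie Secure when this request arrived over HTTPS.
$https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

setcookie(ADMIN_GATE_COOKIE, ADMIN_GATE_TOKEN, [
    'expires'  => 0,                        // session cookie, as in step 2
    'path'     => $base . '/administrator', // sent to the admin area only
    'secure'   => $https,
    'httponly' => true,                     // not readable from JavaScript
    'samesite' => 'Lax',
]);

header('Location: ' . $base . '/administrator/index.php');
exit; // stop here so nothing else is sent after the redirect

// Matching rule for administrator/.htaccess, using the same token.
// The REQUEST_URI condition is omitted because the file already lives in
// that directory; the cookie pattern is anchored so that only an exact
// name=value pair satisfies it.
//
//   RewriteEngine On
//   RewriteCond %{HTTP_COOKIE} !(^|;\s*)JoomlaAdminSession=<your token>(;|$)
//   RewriteRule .* - [L,F]
```

The token is still a shared static secret sent with every admin request, so serve both directories over HTTPS and keep the normal Joomla login in place behind it.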

Comments

sunsun
+2
 
 

Correct me if I'm wrong:
1)
The index.php file in your "myadmin" directory should be:
    header("Location: ../administrator/index.php");
and not:
    header("Location: /administrator/index.php");

2)
If I have Windows, I have to create a text file (let's say htaccess.text)
and then rename the file htaccess.text I created to .htaccess by
start => run => cmd //this will bring me to command prompt
and then
    ren C:\wamp\www\YOUR_SITE_FOLDER_NAME\administrator\htaccess.txt .htaccess

When I did this, it really prevented access to the http://localhost/YOUR_SITE_FOLDER_NAME/administrator folder.

*BUT* I also got rejected when I first went to the new folder where I set the cookie:
http://localhost/YOUR_SITE_FOLDER_NAME/NEW_ADMIN_FOLDER = >>> gave same result
Is the next line OK?
    RewriteCond %{HTTP_COOKIE} !JoomlaAdminSession=1234567890
    RewriteRule .* - [L,F]
(btw my JoomlaAdminSession is the same)

My solution was to check for the COOKIE value in the administrator folder's index.php:
    if ($_COOKIE['JoomlaAdminSession'] != "1234567890")
    {
    header("Location: ../index.php");
    }

Is this solution OK, or does it have a security hole?

And where is the mistake here:
    RewriteCond %{HTTP_COOKIE} !JoomlaAdminSession=1234567890
    RewriteRule .* - [L,F]

?
dfd
0
 
 
dfdf