Renaming admin.php

9 posts by 5 authors in: Forums > CMS Builder
Last Post: March 15, 2015   (RSS)

Hello,

I have just upgraded to v. 2.63 (Build 1092) and I can see that there are some custom generated security recommendations. One of the suggestions is below:

  • Rename admin.php to something unique such as admin_0457e78cb8c1a18b3abd.php

Can someone please tell me how to rename admin.php without breaking the cmsAdmin URL? I have tried renaming the file but then cmsAdmin does not load.

Thank you,

Greg

By claire - December 1, 2014

Hi Greg

You should be able to access the URL like so:

www.yoursite.com/cmsAdmin/admin_0457e78cb8c1a18b3abd.php

You only need to include the new name of the admin file at the end of the URL and it should work fine.

--------------------

Claire Ryan
interactivetools.com

Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Hi Claire,

Thanks for the reply.

Is the redirect from /cmsAdmin meant to stop working? Is that part of the security improvement? it would make sense if it is.

I was originally thinking that /cmsAdmin would redirect to the newly named admin_RANDOMCHARS.php but perhaps that would defeat the purpose of renaming the file...!

Thanks,

Greg

By claire - December 1, 2014

It would, yes :) I can check with Dave but I'm pretty sure it's a security feature. It forces the user to have the precise URL for that particular install before they're allowed access to the back end.

--------------------

Claire Ryan
interactivetools.com

Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

By Dave - March 8, 2015

Hi Kenny, 

Try just connecting with FTP and renaming admin.php to something else.  Then entering that url in the browser, eg: /fay-cms/fay-admin-1234.php

Once you do that everything should just work and the CMS should automatically update the "Program Url" value in the admin settings.

Hope that helps!  Let me know any questions.

Dave Edis - Senior Developer
interactivetools.com

By Twocans - March 9, 2015

Haha,
I feel so so stupid haha,

good morning

k

By Tom - March 14, 2015

Hello Dave,

After rename the admin.php file.

The mysql console plugin not work anymore.

Please advice.

Thanks

By Dave - March 15, 2015

Hi Tom, 

Some servers have a module called "mod_security" which urls when they contain certain character sequences.  Last time we investigated we found that mod_security doesn't block some urls that start with admin.php.  

So the solution is either don't rename admin.php or ask your host to disable mod_security for the cms folder.  And if you get strange 403 errors at various points, that's probably mod_security as well, so ask your host to disable it if that happens.

Hope that helps!

Dave Edis - Senior Developer
interactivetools.com