Saturday, April 7, 2012

Change your Joomla Admin Folder Name or Path

If you would like to 'sort of' rename your Joomla administrator directory without having to modify any Joomla code or you don't want to have to use htpasswd to protect that directory, you can achieve it the following way.
This may help limit issues for joomla security in the future.
Create a new directory in your root directory (eg. "myadmin")
Create an index.php file in your "myadmin" directory..

$admin_cookie_code="1234567890";
setcookie("JoomlaAdminSession",$admin_cookie_code,0,"/");
header("Location: ../administrator/index.php");
?>

Add this to .htaccess of your real Joomla administrator directory
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/administrator
RewriteCond %{HTTP_COOKIE} !JoomlaAdminSession=1234567890
RewriteRule .* - [L,F]
To enter your Joomla administration page, you point your browser to "http://yoursite.com/myadmin/" The php code will set a cookie that expires at the end of the session and redirect you to your real administration page. No one will be able to load anything from the administrator directory without having gone through the "myadmin" directory first.

Needless to say, you would choose another directory name for "myadmin" and change the cookie code "1234567890" to something else. Security through obfuscation is no substitute for the real thing but this might make you feel a little better.

http://www.joomlahackers.net/joomla-tutorials/change-joomla-admin-name-or-path.html

No comments: