Change ACP Directory
Posted: 11 Feb 2012, 16:21
Even though phpBB's authentication system is virtually impossible to crack, it never hurts to add a little extra security, especially when it comes to protecting your Admin Control Panel. This tutorial will show you how to change the path to your board's Admin Control Panel from yoursite.com/adm/ to yoursite.com/anything_you_want/.
The steps to do this are surpisingly few and simple. In fact, there are only two steps to do this.
NOTE: You will need FTP access to complete all of the steps.
NOTE: This will break any bookmarks you or your co-admins have made to get to the ACP, so do let them know of the change before you actually do it!
Step 1 - Change the link
Due to the use of relative paths in phpBB, there is only one place that I have been able to find in a default phpBB installation that actually references the /adm/ folder by name. That is where U_ACP, the template variable that contains the link to the ACP for administrators, is defined in includes/functions.php. So go ahead and open that file in your text editing program and search for the following line:
Specifically, what you are looking for is the {$phpbb_root_path}adm/index.$phpEx bit near the end. So do an in-line find/replace of adm with the name of the folder.
So for instance, if I were to change it to my_admin_folder, it would be:
(Note that the forward slash / remains. Otherwise, it will not work!)
So now, if you were to try to click the ACP link, you would be linked to yoursite.com/my_admin_folder/ which is a lot more difficult to guess than /adm/.
However, we're still stuck with a problem: if you click the link, you get a 404 error! Did we just remove your access to the ACP? Well, no. It can still (at this point) be accessed at yoursite.com/adm/. It's just that the link does not work because we did not yet change the actual folder.
Which brings us to the next step...
Step 2 - Change the directory
This will require FTP access, as I said, so login and navigate to your forum's root folder. See the adm directory? Right click and select Rename (it may be in a sub-menu depending on your FTP program, but most will have it right next to the Delete option... don't click that!). So click Rename and type in the desired name. It must match the text you used in the previous step exactly!
Alright... now, try it out. You should have no problems accessing your ACP at the new address, and the old address should return a 404 error message.
NOTE: It is a good idea to make it something difficult to guess. Even a long string of alpha-numeric characters works fine; no one can guess it, and you can always either just bookmark it or just click the link any time you need in, instead of typing it out.
Originally posted on phpBB Developers. Copyright (c) David King - 2010. Do not copy or reproduce without permission. If you link to it, please give credit.
The steps to do this are surpisingly few and simple. In fact, there are only two steps to do this.
NOTE: You will need FTP access to complete all of the steps.
NOTE: This will break any bookmarks you or your co-admins have made to get to the ACP, so do let them know of the change before you actually do it!
Step 1 - Change the link
Due to the use of relative paths in phpBB, there is only one place that I have been able to find in a default phpBB installation that actually references the /adm/ folder by name. That is where U_ACP, the template variable that contains the link to the ACP for administrators, is defined in includes/functions.php. So go ahead and open that file in your text editing program and search for the following line:
Code: Select all
'U_ACP' => ($auth->acl_get('a_') && !empty($user->data['is_registered'])) ? append_sid("{$phpbb_root_path}adm/index.$phpEx", false, true, $user->session_id) : '')
Specifically, what you are looking for is the {$phpbb_root_path}adm/index.$phpEx bit near the end. So do an in-line find/replace of adm with the name of the folder.
So for instance, if I were to change it to my_admin_folder, it would be:
Code: Select all
'U_ACP' => ($auth->acl_get('a_') && !empty($user->data['is_registered'])) ? append_sid("{$phpbb_root_path}my_admin_folder/index.$phpEx", false, true, $user->session_id) : '')
(Note that the forward slash / remains. Otherwise, it will not work!)
So now, if you were to try to click the ACP link, you would be linked to yoursite.com/my_admin_folder/ which is a lot more difficult to guess than /adm/.
However, we're still stuck with a problem: if you click the link, you get a 404 error! Did we just remove your access to the ACP? Well, no. It can still (at this point) be accessed at yoursite.com/adm/. It's just that the link does not work because we did not yet change the actual folder.
Which brings us to the next step...
Step 2 - Change the directory
This will require FTP access, as I said, so login and navigate to your forum's root folder. See the adm directory? Right click and select Rename (it may be in a sub-menu depending on your FTP program, but most will have it right next to the Delete option... don't click that!). So click Rename and type in the desired name. It must match the text you used in the previous step exactly!
Alright... now, try it out. You should have no problems accessing your ACP at the new address, and the old address should return a 404 error message.
NOTE: It is a good idea to make it something difficult to guess. Even a long string of alpha-numeric characters works fine; no one can guess it, and you can always either just bookmark it or just click the link any time you need in, instead of typing it out.
Originally posted on phpBB Developers. Copyright (c) David King - 2010. Do not copy or reproduce without permission. If you link to it, please give credit.