Renaming AdminCP and ModCP Folders

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Vashnik
    New Member
    • Aug 2006
    • 12

    Renaming AdminCP and ModCP Folders

    I'm trying to rename /core/admincp/ and /core/modcp/ to something else, however the config.php in the /core/includes/ folder does not reflect any of those changes and when I first installed vB5, when specifically entering a new folder name in the field to change /modcp/ to something else when the installation was finished. Was this feature removed or did this feature mistakenly break between 5.1.8 to 5.1.9? Or is there an extra step not covered in the manual and not well known with 5.1.9?
    I have tried adding it to the /core/includes/config.php file and the /vb_root/config.php file and neither worked. Both still show up as /admincp/ and /modcp/ when refreshing the page and checking the link.

    I just purchased the license yesterday and so far, vB5 is the only one that acts like crap on this particular issue. I installed vB3, vB4, vB5 on a secluded web server local to only my machine (localhost) to find out which one I like more before going forward with the version I like best and remove other versions from my testing server. I really wanted to evaluate each one, but so far, vB5 is failing because of the lack of security flexibility that vB3 and vB4 seem to have, namely the easy and painless ability to rename /admincp/ and /modcp/.

    Some information if it helps:
    PHP 5.6.12
    Apache 2.4.16
    MySQL 5.6 (with vB5's config using MySQLi setting)
    Last edited by Vashnik; Thu 24 Sep '15, 8:38pm.
  • Vashnik
    New Member
    • Aug 2006
    • 12

    #2
    Still haven't been able to get vBulletin 5 to reflect the Admin CP and Mod CP folder change. It still shows up as /admincp/ and /modcp/ instead of the name I setup in the /core/includes/config.php file.

    Does anyone know what needs to be done to make vBulletin 5 to reflect the change in folder names?
    Do these variables not even work anymore?
    PHP Code:
    $config['Misc']['admincpdir']
    $config['Misc']['modcpdir'

    Comment

    • Wayne Luke
      vBulletin Technical Support Lead
      • Aug 2000
      • 73976

      #3
      This isn't supported in vBulletin 5 at this time. If you want to secure these directories, you should do so with .htaccess not obfuscation.
      Translations provided by Google.

      Wayne Luke
      The Rabid Badger - a vBulletin Cloud demonstration site.
      vBulletin 5 API

      Comment

      • Mohammed Abu Risha
        Senior Member
        • Oct 2017
        • 412
        • 5.3.x

        #4
        Could you please guide me through the process that I can use to secure admincp directory? I looked for ways to rename it, but could not find a solution.

        Comment

        • Wayne Luke
          vBulletin Technical Support Lead
          • Aug 2000
          • 73976

          #5
          You cannot rename the AdminCP directory in vBulletin 5. Renaming the directory doesn't add security to it. Once someone logs in, all the links lead to the renamed location. You would protect your AdminCP by protecting your Admin Account and access to the Admincp. You can secure the AdminCP to your account by editing the /core/includes/config.php and either enabling Two-Factor Authentication or entering the IP addresses to access it from in the appropriate locations. These can also be used to secure the ModCP but it serves little purpose in vBulletin 5 so you might consider just deleting it.

          Code:
          //  ***** RESTRICT ADMINCP/MODCP ACCESS BY IP *****
          //  You can provide a list of IP addresses that can access the AdminCP. This can increase security of your site.
          //  Enter IP Addresses (XXX.XXX.XXX.XXX) separated by a comma. An Empty value disables this feature.
          $config['Security']['AdminIP'] = '';
          
          //  You can provide a list of IP addresses that can access the ModCP. This can increase security of your site.
          //  Enter IP Addresses (XXX.XXX.XXX.XXX) separated by a comma. An Empty value disables this feature.
          $config['Security']['ModIP'] = '';
          
          // ******** TWO FACTOR AUTHENTICATION CONFIGURATION ******
          // This will require that logins for the modcp, admincp, site builder, inline moderation
          // will require a numeric code generated via an app on the user's cell phone or desktop
          // Admins and moderators will be able to log into normal user portions of the site 
          // without any changes. 
          //
          // This setting will enable two factor authentication for the site
          $config['Security']['mfa_enabled'] = false;
          
          // Uncommenting this will allow individuals moderators and admins to set up the Two Factor
          // security, but will not require it for those that choose not to enable it.  If it is 
          // not set at all Two Factor will be required for all control panel logins and users that 
          // have not configured their Two Factor Security will not be able to log in to the 
          // control panel functions.
          $config['Security']['mfa_force_cp'] = false;
          You can also protect it by deleting the /admincp directory and placing a .htaccess for authorization in the /core/admincp directory. If you do this, then you need to delete these lines from the .htaccess in the main vBulletin directory:
          Code:
          	# Because admincp is an actual directory.
          	RewriteRule ^(admincp/)$ index.php?routestring=$1 [L,QSA]
          Translations provided by Google.

          Wayne Luke
          The Rabid Badger - a vBulletin Cloud demonstration site.
          vBulletin 5 API

          Comment

          Related Topics

          Collapse

          Working...