I have a module called ‘admin’ in my application, which is accessible at /mysite/admin. Something that has just made me wonder, to improve the site security I should really change this URL to something more difficult for someone to guess, such as any random word that only the site admin will know.
I had a play with the urlRules but could not get the desired result, for example:
‘admin-panel’=>‘admin/default/index’,
‘admin-panel/login’=>‘admin/default/login’,
But this will only work for those two URLs. If a user did /mysite/admin/user they would be redirected to the login page.
So the only thing I can think of now is to rename the actual module. I don’t think the module name is referenced a lot throughout the app so that shouldn’t be too difficult to do. Or does anyone have any other suggestions?
Yeah that’s why I was thinking of renaming the admin module, to something that would be difficult for someone to guess. I think if somebody was interested in accessing the backend of the site, one of the first url’s they would try would be mysite/admin
I know that I can enhance the security of the login, or use htaccess but it’s just the thing about not letting users KNOW where the admin section is!