Secure XenForo

Matt

Owner
These are a couple of tips I thought I'd share on how I secure my own XenForo installations with .htaccess.

I'm lucky enough to have static IP addresses at work and home, so I lock down admin.php and the /install/ directory so they can only be accessed from my own IP addresses.

First, securing admin.php
Code:
# Limit access to the ACP
<Files "admin.php">
  Order Deny,Allow
  Deny from all
  Allow from xxx.xxx.xxx.xxx
  Allow from yyy.yyy.yyy.yyy
</Files>
The order is important, as it will first deny all requests, unless they are from the allowed list. We then deny all requests, and only allow from the listed addresses.

My own .htaccess file has the 403 set to simply redirect back to the root URL:
Code:
ErrorDocument 401 default
ErrorDocument 403 https://z22se.co.uk/
ErrorDocument 404 default
ErrorDocument 500 default
The same is done in the /install/ directory:
Code:
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
allow from yyy.yyy.yyy.yyy

ErrorDocument 404 https://z22se.co.uk/
ErrorDocument 403 https://z22se.co.uk/
So when anyone other than myself tries to reach the admin.php file or the /install/ directory, they are bounced back to the forum home.
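
The same lockdown written so it also works on Apache 2.4, as an added example that is not part of the original post: `Require ip` is the 2.4 replacement for `Order`/`Deny`/`Allow`, and the addresses are documentation placeholders standing in for the xxx/yyy values above.

```apache
# --- .htaccess in the XenForo root ------------------------------------
# Placeholder addresses (RFC 5737 documentation ranges); substitute the
# static IPs that the post writes as xxx.xxx.xxx.xxx / yyy.yyy.yyy.yyy.
<Files "admin.php">
    # Apache 2.4+: mod_authz_core. Needs "AllowOverride AuthConfig".
    <IfModule mod_authz_core.c>
        Require ip 192.0.2.10 198.51.100.20
    </IfModule>

    # Apache 2.2 fallback: the post's directives ("AllowOverride Limit").
    # Order Deny,Allow = evaluate Deny first, then Allow; a match on
    # Allow overrides the Deny. With "Order Allow,Deny" the same lines
    # would reject every client, because Deny is evaluated last and wins.
    <IfModule !mod_authz_core.c>
        Order Deny,Allow
        Deny from all
        Allow from 192.0.2.10
        Allow from 198.51.100.20
    </IfModule>
</Files>

# --- separate .htaccess placed inside /install/ -----------------------
# No <Files> wrapper here: the rules cover the whole directory.
<IfModule mod_authz_core.c>
    Require ip 192.0.2.10 198.51.100.20
</IfModule>
<IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from all
    Allow from 192.0.2.10
    Allow from 198.51.100.20
</IfModule>
```

From an address outside the list, a request for admin.php should come back as 403, or as a redirect when `ErrorDocument 403` points at a full URL as in the post.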
 