Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Allow for renamed textpattern folder
I would like to be able to give the folder textpattern/ a different name. Why? Because everyone who know my site runs on textpattern can go to the login-page and try to get in. Plus there is nothing – at least that I know of – that would stop them from just trying all possible name/password combinations (brute-force).
Plus some people might consider renaming this folder for cosmetic reasons.
As far as I can see this could relatively easily be solved by setting the name of the textpattern/ folder in the config file and as a variable.
Yoko for Textpattern – A free blog theme • Minimum Theme – If all you want to do is write.
Note: I am currently not actively using Textpattern, so I am not in the forums very often
Offline
Re: Allow for renamed textpattern folder
Renaming the Textpattern Admin Directory for Added Security
Don’t know if it still applies to 4.0.4?
We Love TXP . TXP Themes . TXP Tags . TXP Planet . TXP Make
Offline
Re: Allow for renamed textpattern folder
stephan wrote:
Because everyone who know my site runs on textpattern can go to the login-page and try to get in. Plus there is nothing – at least that I know of – that would stop them from just trying all possible name/password combinations (brute-force).
Boredom comes to mind. :)
Offline
#4 2006-11-04 15:26:17
- Mary
- Sock Enthusiast
- Registered: 2004-06-27
- Posts: 6,236
Re: Allow for renamed textpattern folder
…just trying all possible name/password combinations…
Choose better passwords; they should never be words, dates, addresses, etc.
Offline
Re: Allow for renamed textpattern folder
I intend to keep my passwords as safe as possible while still being able to memorize it, but that wasn’t my main point. Being able to rename the textpattern directory gives you
- a chance to use a nicer name for the admin URL (please, don’t make me use mod_rewrite for such a simple task) which would allow to follow some semantic pattern (admin/ or backstage/ is much more telling than textpattern/, which – I have to admit – contains more than just the admin-site but then again, inxed.php technically belongs to textpattern as well)
- security by obscurity since passers-by do not know where to look for the admin page plus you could better conceal which CMS/blog-software you use.
Since renaming the textpattern directory is a very simple task for everyone who thinks about the beforementioned points, but this is merely a feature request that can of course be denied but would make upgrading for those of us who care about renaming the folder still a bit more comfortable. (I sense there is a need for this since there already is an entry on this in the wiki which hcgtv mentioned).
Yoko for Textpattern – A free blog theme • Minimum Theme – If all you want to do is write.
Note: I am currently not actively using Textpattern, so I am not in the forums very often
Offline
Re: Allow for renamed textpattern folder
stephan, join in the feature request ;)
We Love TXP . TXP Themes . TXP Tags . TXP Planet . TXP Make
Offline
Re: Allow for renamed textpattern folder
I’m in :-)
Yoko for Textpattern – A free blog theme • Minimum Theme – If all you want to do is write.
Note: I am currently not actively using Textpattern, so I am not in the forums very often
Offline
#8 2006-11-28 16:57:36
- hazel
- Member
- From: Glastonbury, UK
- Registered: 2006-09-22
- Posts: 36
Re: Allow for renamed textpattern folder
It’s possible to do this with mod_rewrite, though /textpattern will still be accessible.
There’s a snippet on textpattern.org but that doesnt seem to work.
After more tinkering I came up with the following, which aims at renaming “textpattern” to “admin”:
1. If the user types in only “www.yourdirectory.org/admin” — a trailing slash should be added
2. Rewrite “/textpattern/” as “/admin/”
RewriteEngine On
RewriteRule ^admin$ admin/ [R]
RewriteRule ^admin/(.*) textpattern/$1But at the moment I cant get the trailing slash bit working, which is important otherwise the txp stylesheet, images etc. are not found and it is rendered without them.
Any ideas?
Edit: Seems to be a conflict with the default txp rewrites. I’ve tried swapping the orders around but no luck.
Last edited by hazel (2006-11-28 17:37:14)
Offline
#9 2007-01-21 23:36:00
- ande
- Member
- Registered: 2007-01-21
- Posts: 25
Re: Allow for renamed textpattern folder
One good reason to allow this is the following:
IF someone might find a vulnerability to textpattern it will be accessed via the admin interface. As soon as the vuln. is known, it is only necessary to write a dumb script which tries out a gazillion domain names just to find out where are the txp sites. If we could change the textpattern folders name, a lot of us could have a lot more time before being attacked – if at all!
This alone is a good reason I think!
Last edited by ande (2007-01-21 23:36:55)
Offline