Securing ExpressionEngine Control Panel: The Peekaboo Way!

September 16th, 2009 in ExpressionEngine | Tutorials | 1 comments

ExpressionEngine control panel files, by default are located in a folder called "system". I very much like this naming. It's short and easy to remember, specially for clients.

Since we deploy CMS's it makes sense to refer it as system. However in every install, we rename the system folder to something like "system_bD3WpiOD2HD9" for obvious reasons! Imagine telling your client that they have to remember all that mambo jambo.

So how do we go about renaming the control panel folder while having it easily accessible?

Masking Access to Control Panel

In the user guide there is a section called "Masking Access to the Control Panel" which talks about moving and editing admin.php and path.php files in order to access control panel through a different URL e.g. http://www.example.com/admin.php

What if I want to access control panel via http://www.example.com/system while having it renamed?

Peekaboo! I see you system folder!

Actually you don't! and here is how;

During installation rename the system folder to something else e.g. "system_bD3WpiOD2HD9"

After the installation, create an empty folder called system

Make sure in System Preferences/General Configuration you empty out "Name of your site's index page" box

Move path.php and admin.php into this folder.

Edit path.php to look like this.

$system_path = "../system_bD3WpiOD2HD9/";

Refer to official guide for editing path.php in terms of changing $system_path variable.

Rename admin.php to index.php

Add below URL fix to ".htaccess" file located in the root folder

### ExpressionEngine URL Fix ###
RewriteEngine on
RewriteCond $1 !^(system_bD3WpiOD2HD9|system|images|themes|index\.php) [NC]
RewriteRule ^(.*)$ /index.php/$1 [L]

Load the control panel via http://www.example.com/system and enyoj the masked URL.