Securing ExpressionEngine Control Panel: The Peekaboo Way!

September 16th, 2009 in ExpressionEngine | Tutorials | 1 comments

ExpressionEngine control panel files are, by default, located in a folder called "system". I very much like this naming. It's short and easy to remember, especially for clients.

Since we deploy CMSs, it makes sense to refer to it as system. However, in every install we rename the system folder to something like "system_bD3WpiOD2HD9" for obvious reasons! Imagine telling your client that they have to remember all that mumbo jumbo.

So how do we go about renaming the control panel folder while having it easily accessible?

Masking Access to Control Panel

In the user guide there is a section called "Masking Access to the Control Panel" which talks about moving and editing the admin.php and path.php files in order to access the control panel through a different URL, e.g. http://www.example.com/admin.php

What if I want to access the control panel via http://www.example.com/system while having the folder renamed?

Peekaboo! I see you system folder!

Actually you don't! And here is how:

During installation rename the system folder to something else e.g. "system_bD3WpiOD2HD9"

After the installation, create an empty folder called system

Make sure that in System Preferences/General Configuration you empty out the "Name of your site's index page" box.

Move path.php and admin.php into this folder.

Edit path.php to look like this.

$system_path = "../system_bD3WpiOD2HD9/";

Refer to the official guide for details on changing the $system_path variable in path.php.

Rename admin.php to index.php

Add the URL fix below to the ".htaccess" file located in the root folder.

### ExpressionEngine URL Fix ###
RewriteEngine on
RewriteCond $1 !^(system_bD3WpiOD2HD9|system|images|themes|index\.php) [NC]
RewriteRule ^(.*)$ /index.php/$1 [L]

Load the control panel via http://www.example.com/system and enjoy the masked URL.
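
A quick way to confirm the steps above were applied as described, as an added example that is not part of the original tutorial: a shell check that reads $system_path from system/path.php and verifies the stub folder and the .htaccess exclusion. The function names and the make_sample_tree helper (which builds a constructed sample webroot, not a real install) are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the masked control-panel layout from the steps above.
# Usage: sh check_cp_mask.sh /path/to/webroot

# Print the value assigned to $system_path in a path.php file.
system_path_of() {
    sed -n 's/^[[:space:]]*\$system_path[[:space:]]*=[[:space:]]*["'\'']\([^"'\'']*\)["'\''].*/\1/p' "$1" | head -n 1
}

# Return 0 and print "OK: ..." when <webroot>/system is a correct stub; else return 1.
check_cp_mask() (
    root=$1; stub=$root/system
    fail() { echo "FAIL: $1" >&2; exit 1; }
    [ -f "$stub/index.php" ] || fail "system/index.php (the renamed admin.php) is missing"
    [ ! -e "$stub/admin.php" ] || fail "admin.php was not renamed to index.php"
    [ -f "$stub/path.php" ] || fail "system/path.php is missing"
    rel=$(system_path_of "$stub/path.php")
    [ -n "$rel" ] || fail "no \$system_path assignment in path.php"
    real=$(cd "$stub" && cd "$rel" 2>/dev/null && pwd -P) \
        || fail "\$system_path '$rel' does not resolve to a directory"
    name=$(basename "$real")
    [ "$name" != "system" ] || fail "\$system_path still points at the default folder name"
    # Assumption from the steps: the stub holds only the two entry files.
    extra=$(ls -A "$stub" | grep -vxF -e index.php -e path.php || true)
    [ -z "$extra" ] || fail "unexpected files in system/: $extra"
    # The exclusion list must cover "system" so /system is not routed to /index.php.
    grep -E '^[[:space:]]*RewriteCond .*[(|]system[|)]' "$root/.htaccess" >/dev/null 2>&1 \
        || fail ".htaccess RewriteCond does not exclude 'system'"
    echo "OK: /system masks $name"
)

# Build a constructed sample webroot (not a real install) for trying the check.
make_sample_tree() {
    mkdir -p "$1/system" "$1/system_bD3WpiOD2HD9"
    : > "$1/system/index.php"
    printf '<?php\n$system_path = "../system_bD3WpiOD2HD9/";\n' > "$1/system/path.php"
    printf '%s\n' 'RewriteEngine on' \
        'RewriteCond $1 !^(system_bD3WpiOD2HD9|system|images|themes|index\.php) [NC]' \
        'RewriteRule ^(.*)$ /index.php/$1 [L]' > "$1/.htaccess"
}

if [ -n "${1:-}" ]; then check_cp_mask "$1"; fi
```

The check confirms the layout only: the renamed folder still sits inside the web root and is served at its own URL, so the control panel login remains the actual access control.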

Conclusion

I'm sure there are other ways to achieve this outcome or you might have an entirely different approach.

I'd very much like to hear your thoughts and suggestions on this to improve the ExpressionEngine development process.


Cem Meric

Cem runs a creative web design and development studio called Webunder, specialising in ExpressionEngine CMS and he is an active member of the ExpressionEngine forums.

When he's not working, he enjoys being a hero with friends.

 

Like your article. Thanks for sharing with us.


said thai silk about 4 years, 4 months ago

 
