Without a doubt, one of the major potential security threats comes from using the administration tool over the Internet. Should someone gain access to this tool on your live site, they could cause untold mischief, and much wailing and gnashing of teeth will ensue. As a result, we are going to enforce the use of a username and password in order to gain access to the admin folder, as well as ensure that the admin folder is only available over a secure server (which uses SSL to encrypt communications).
Note
You might also wish to change the name of the admin folder to something random, which will add a small amount of security in that it may not be immediately obvious to a potential hacker where this web-based tool is housed. If you do so, you will need to edit config.php to reflect these changes, as none of your file paths should contain the word admin anymore.
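After renaming the folder, it is easy to miss a path that still points at the old location. The following check is an added example, not code from the original text: it scans the contents of config.php for path constants that still contain the old folder name as a whole path segment. It assumes the file sets its paths with PHP define() statements; the constant names and paths in the sample are constructed for illustration.

```python
import re

# Matches PHP define('NAME', 'value') written with single or double quotes.
DEFINE_RE = re.compile(
    r"""define\(\s*(['"])(?P<name>\w+)\1\s*,\s*(['"])(?P<value>.*?)\3\s*\)""")


def stale_admin_paths(php_source, old_name="admin"):
    """Return (line_no, constant, value) for every define() whose value
    still has old_name as a complete path segment."""
    # A whole segment: bounded by a slash/backslash or by the string ends,
    # so 'administrator@example.com' is not reported.
    segment = re.compile(r"(^|[/\\])" + re.escape(old_name) + r"([/\\]|$)")
    hits = []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        code = line.strip()
        if code.startswith(("//", "#", "*", "/*")):
            continue  # ignore comment lines that mention the old path
        for m in DEFINE_RE.finditer(code):
            if segment.search(m.group("value")):
                hits.append((line_no, m.group("name"), m.group("value")))
    return hits


# Constructed sample input: constant names and paths are hypothetical.
SAMPLE_CONFIG = """<?php
// old location was /admin/
define('DIR_WS_TOOL', '/shop/admin/');
define("DIR_FS_TOOL", "/var/www/shop/x7k2q/");
define('DIR_FS_BACKUP', '/var/www/shop/admin/backups/');
define('ADMIN_EMAIL', 'administrator@example.com');
"""

if __name__ == "__main__":
    for line_no, name, value in stale_admin_paths(SAMPLE_CONFIG):
        print(f"line {line_no}: {name} still points at {value}")
```

To check a real file, pass its contents to stale_admin_paths() in place of SAMPLE_CONFIG; an empty result means no define() still references the old folder name.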
Before we do go ahead and secure the admin tool, it is worth considering that forcing communications...