Rename Administrator Folder

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Rename Administrator Folder

Post by aa1joe » Sun Jan 30, 2011 7:39 pm

Hi

I'm new here. I hope I'm in the right forum. I have security issues.
I've worked very little with Joomla templates before but I know my way around other CMS so I'm ok to get around for most parts.

Last week I downloaded Joomla 1.6.

I've been having and reading about problems with sites being hacked.
I am trying to find out how to rename the admin folder. It seems like that's the solution?

On my trial run Joomla template 1.5 I tried to rename the admin folder but that did not work.
I even set up a second password from the cPanel too. You know, password protected folder.
So that means every time I login the site I have to go through 2 passwords.
Well, the trial site still got hacked.

Can someone point me in the right direction as to where or what I can do to prevent this from happening again?
Right now I don't feel comfortable re-building my hosting site using Joomla and I would like to go in this direction.
Please Help.
Last edited by mandville on Sun Jan 30, 2011 8:07 pm, edited 1 time in total.
Reason: signature against forum rules http://forum.joomla.org/viewtopic.php?f=8&t=65


Re: Rename Administrator Folder

Post by mandville » Sun Jan 30, 2011 8:06 pm

can we split this topic into two
first renaming or moving the administration folder
mandville wrote:ok now if you read the following lines carefully.
it is very easy to change the administrator url, it will be very hard to get your site to work afterwards.
if you used the forum search tool, you would have seen this information posted numerous times, more recent than 2009 spread across the forum.
take the advice given, don't mess with the administrator url
have a look at some of these instead
http://extensions.joomla.org/extensions ... protection

regarding your hack.
see this post for guidelines http://forum.joomla.org/viewtopic.php?f=432&t=475313, run the forum post tool and post the results. were these issues with 1.5 or 1.6 ?
andychuzley wrote:Need someone to reply this post PLS...
they will do eventually
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}


Re: Rename Administrator Folder

Post by ecocr » Wed Jul 06, 2011 11:06 am

Hi,
I do not normally post in forums, but I have been asked many times by my clients to rename the admin folder for Joomla. If I am running the sites for them then I change the admin and insert the code needed for the admin to be configured from the config file. This does require you to do some coding and I would not recommend it unless you are comfortable working with the files that need to be edited. If you are comfortable with this then you will know how to do it.
***All 3rd party components may stop working if you change the admin folder. You will need to edit each of them to work, changing the old admin folder name to the new admin folder name where it is hard coded into the scripts.

But if you are doing a fresh installation of Joomla 1.5 then you can change the name of the folder by doing the following steps:
edit: includes/define.php
around line 30 define( 'JPATH_ADMINISTRATOR', JPATH_ROOT.DS.'administrator' );
replace with define( 'JPATH_ADMINISTRATOR', JPATH_ROOT.DS.'NEW ADMIN FOLDER' );
edit: admin/includes/define.php
around line 27 define( 'JPATH_ADMINISTRATOR', JPATH_ROOT.DS.'administrator' );
replace with define( 'JPATH_ADMINISTRATOR', JPATH_ROOT.DS.'NEW ADMIN FOLDER' );

Then in the new admin folder create an .htaccess file with the following lines:
# Redirect old admin file path to new admin file path
Redirect /NEW ADMIN FOLDER/media http://YOUR DOMAIN. COM/media
Redirect /NEW ADMIN FOLDER/includes/js http://YOUR DOMAIN. COM/includes/js
Redirect /NEW ADMIN FOLDER/plugins http://YOUR DOMAIN. COM/plugins
Redirect /NEW ADMIN FOLDER/templates/YOUR TEMPLATE NAME/ http://YOUR DOMAIN. COM/templates/YOUR TEMPLATE NAME/
# If you have an image folder then set this line to your image folder and uncomment it.
# Redirect /NEW ADMIN FOLDER/IMAGE FOLDER/ http://YOUR DOMAIN. COM/IMAGE FOLDER/

Last but not least rename your admin folder to the NEW ADMIN FOLDER name:)

For an out of the box installation this should work even if I do not guarantee it. Remember that 3rd party applications will not run until you edit their code and update all hard coded admin directories to the new directory folder.
You should also password protect your new admin folder and, if you have the option, password protect your stats page. Make sure that you log into your new admin folder using https://, which will stop sniffers from finding it.
Many will say that changing the admin folder is more work than it is worth, but using the above code you should not need to edit any core code and you will not have any mindless bots trying to hack your admin area.

Wish you the best of luck and let me know if it does not work.
ecocr


Re: Rename Administrator Folder

Post by mandville » Wed Jul 06, 2011 12:41 pm

ecocr wrote: ***All 3rd party components may stop working if you change the admin folder. You will need to edit each of them to work, changing the old admin folder name to the new admin folder name where it is hard coded into the scripts.
and as soon as you upgrade Joomla or extensions, it will fail.

As you summed it up so nicely in the above paragraph, and with the recommendation that it is not worth the repeated effort,
see http://forum.joomla.org/viewtopic.php?f=432&t=611287

Re: Rename Administrator Folder

Post by ecocr » Wed Jul 06, 2011 1:01 pm

As mandville points out here this system will fail if you upgrade to Joomla 1.6 from the 1.5 along with many other customized scripts and templates. You can password protect your admin folder and hide it away if you prefer this, it should be password protected even if you move it and you could add a token to the url. Both can be done using the .htaccess file and both would be recommended by many of the senior members of this forum and I am not saying that I do not agree with them!
If you are upgrading within the 1.5 version then it should be enough to rename your new admin folder back to administrator and rename your .htaccess file until you have completed the upgrade and then rename admin folder and turn .htaccess back on. You may need to update the htaccess files depending on the version you are upgrading from and to.

But as said before there are ways of hiding and protecting your admin folder without moving it. Just telling you how to do it for those of you that would rather have it in a secret place:)

ecocr
Focus on the moment but be mindful of the future:)
http://ecocr.co.uk
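
The two protections recommended in this thread in place of renaming the folder (a password on the administrator directory plus a token in the URL, both done in .htaccess), sketched as an added example that is not from any poster or from the Joomla project. The password file path, the token and the cookie name and value are placeholders, and it assumes Apache with mod_rewrite enabled and the site served over HTTPS.

```apache
# .htaccess placed inside the existing, un-renamed /administrator folder.
# Assumptions (not from the thread): AllowOverride permits AuthConfig and
# FileInfo, FollowSymLinks is enabled so per-directory rewrites run,
# and every value in CAPS below is a placeholder to replace.

# Layer 1: HTTP Basic authentication in front of the Joomla login form.
# Keep the password file outside the web root (create it with htpasswd).
AuthType Basic
AuthName "Restricted"
AuthUserFile /home/EXAMPLE_USER/.htpasswds/administrator.passwd
Require valid-user

# Layer 2: secret token in the URL, e.g. /administrator/?CHANGE_ME_TOKEN
RewriteEngine On

# Refuse any request that carries neither the gate cookie nor the token.
# Bots probing /administrator get a 403 and never reach the login form.
RewriteCond %{HTTP_COOKIE} !(^|;\s*)admin_gate=CHANGE_ME_COOKIE_VALUE(;|$)
RewriteCond %{QUERY_STRING} !(^|&)CHANGE_ME_TOKEN(&|$)
RewriteRule ^ - [F]

# A request that does carry the token gets a session cookie, so the
# follow-up requests for the back end's scripts, images and AJAX calls
# (which do not repeat the token) are still allowed.
# "secure" means the cookie is only sent back over HTTPS; "httponly"
# keeps it away from page scripts.
RewriteCond %{QUERY_STRING} (^|&)CHANGE_ME_TOKEN(&|$)
RewriteRule ^ - [CO=admin_gate:CHANGE_ME_COOKIE_VALUE:%{HTTP_HOST}:0:/administrator:secure:httponly]
```

Because the folder keeps its name, nothing hard-coded in Joomla or in third-party extensions has to change, and a core or extension upgrade does not undo it.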


Re: Rename Administrator Folder

Post by kdaniel171 » Mon Apr 27, 2015 2:46 pm

If we can't do that for 1.6, is there any way to rename the admin folder in Joomla 2.5 without risks after an update? The URL site.com/administrator?pass is a good option, but I need to rename it completely, like site.com/mysecret folder


Re: Rename Administrator Folder

Post by Bernard T » Mon Apr 27, 2015 4:43 pm

Theoretically you actually could, but you have to make some core hacks. Since 2.5 is "end of life", so no upgrades will come after 2.5.28, it could be safe to patch the core.
It also heavily depends on the fact that all extensions you use shouldn't have "administrator" folder path hardcoded. But it's really your responsibility alone to test it thoroughly, and do it eventually.

I have made that in my previous testings, and if I get the time I could post the procedure anytime in the future
VEL Team || Security Forum || PHP/Web Security Specialist || OWASP member
JAMSS author http://forum.joomla.org/viewtopic.php?f=621&t=777957
Twitter: @toplak


Re: Rename Administrator Folder

Post by kdaniel171 » Tue Apr 28, 2015 6:03 am

Bernard T wrote:I have made that in my previous testings, and if I get the time I could post the procedure anytime in the future
I will try to hack it myself; if you post the steps I will greatly appreciate that.


Re: Rename Administrator Folder

Post by charlesdavis » Tue Apr 28, 2015 7:01 am

ecocr mentioned in details and it will help you to change it, please go deeply!!
