Posted - 08/09/2019 : 06:08:17
Hi Charlie, in the early days it was recommended to "lock down" the vsadmin and create a secondary and log in from there to administer your store. You can set a parameter to disable login in your includes. This is because everyone knows vsadmin. In 2017 there was a feature added to enhance security on the vsadmin, so most folks could quit doing that.

https://www.ecommercetemplates.com/support/topic.asp?TOPIC_ID=107742

quote:
We've added a couple of extra layers of security to the admin login, making it unnecessary in most cases to use a hidden admin login. Firstly, we've added flood control so you can only try a login once every 5 seconds and this should stop Brute Force attacks on the admin login. Secondly, and thanks to Phil@Bettapages for the idea, we've added an optional loginkey parameter. To set this just add the parameter to your vsadmin/includes.asp/php file...

loginkey="myloginkey"
$loginkey="myloginkey";

Changing of course "myloginkey" for a login key of your choice. Once set, you cannot log in without adding your login key to your admin login URL, for instance...

http://www.yourstoreurl.com/vsadmin/admin.asp?loginkey=myloginkey
http://www.yourstoreurl.com/vsadmin/admin.php?loginkey=myloginkey

You can use anything you like as your loginkey, but as it's going to be entered in the URL you shouldn't use special characters.

However, there may be some reasons to keep a secondary. I have quite a few mods in my admin, and to be sure none of them have any kind of impact on my front end, I use the secondary admin. You are correct in that you must apply any updates to both folders. If you want to go back to using the vsadmin, just delete that secondary admin from the site and, if you have set the disallowlogin parameter in that includes file, remove it, and you're all set.
Edited by - dbdave on 08/09/2019 06:12:04
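
Added example, not part of the post above and not Ecommerce Templates' own code: a PHP sketch of the two checks the quoted announcement describes, a 5-second flood control and an optional login key read from the admin URL. The function names, the in-memory per-client state and the sample requests are assumptions made for illustration.

```php
<?php
// Added illustration only; not Ecommerce Templates code. All names are hypothetical.

const FLOOD_WINDOW = 5; // seconds between login attempts, as in the quoted announcement

// True when the key from the URL matches the configured one.
// An empty configured key means the optional feature is switched off.
function loginkey_ok(string $configured, ?string $supplied): bool
{
    if ($configured === '') {
        return true;
    }
    // hash_equals compares in constant time, so timing does not leak the key.
    return $supplied !== null && hash_equals($configured, $supplied);
}

// Flood control: one attempt per client every FLOOD_WINDOW seconds.
// $last maps client id => unix time of the previous attempt (in-memory here;
// a real store would need a session, file or database table).
function flood_ok(array &$last, string $client, int $now): bool
{
    $prev = $last[$client] ?? null;
    $last[$client] = $now; // every attempt, allowed or not, restarts the window
    return $prev === null || ($now - $prev) >= FLOOD_WINDOW;
}

function gate(array &$last, string $client, int $now, string $configured, ?string $supplied): string
{
    if (!loginkey_ok($configured, $supplied)) {
        return 'rejected: missing or wrong loginkey';
    }
    if (!flood_ok($last, $client, $now)) {
        return 'rejected: wait ' . FLOOD_WINDOW . ' seconds';
    }
    return 'ok: go on to the password check';
}

// Constructed requests: [client, unix time, loginkey taken from the query string]
$last = [];
$requests = [
    ['203.0.113.7', 1000, null],          // admin.php with no key
    ['203.0.113.7', 1001, 'myloginkey'],  // correct key, first attempt
    ['203.0.113.7', 1003, 'myloginkey'],  // 2 seconds later
    ['203.0.113.7', 1009, 'myloginkey'],  // 6 seconds after that
];
foreach ($requests as [$client, $now, $key]) {
    echo $now, ' ', gate($last, $client, $now, 'myloginkey', $key), PHP_EOL;
}
```

Because the key travels in the URL, it is recorded in web server access logs and browser history, so it works as an extra layer in front of the admin password rather than a replacement for it.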