Just upgraded to 7.1.8 from a much older version. I want to make sure my site is secure but I'm not completely clear about logging in and vsadmin. After upgrading I got "login disabled" when I tried accessing my admin, so I changed the disallowlogin parameter to false. So here are my questions:

1) I understand that I can completely delete my secret vsadmin folder, yes? I've tried to do this unsuccessfully. I get "directory not empty"

2) Do I now need to rename my vsadmin folder?

3) Do I delete the disallowlogin parameter in my includes?

4) Do I need to add the loginkey parameter? And if so, does that mean I have to log in every time?

If there's anything I'm missing, please let me know.

Hi Mring,

Things have moved on a little over the last few years so here are my recommendations:

1.Add a login key to your includes.php as outlined here, once done just bookmark the url with the login key

quote:

---

Admin login security (minimum Version 6.7)

You can define your own login key in includes.php meaning that it is possible only to log into the admin using the loginkey in the URL - without that key added the admin will show as disabled. Once set, you cannot log in without adding your login key to your admin login URL, your login URL would look like this for example...

http://www.yourstoreurl.com/vsadmin/login.php?loginkey=myloginkey

You will need the following in includes.php

$loginkey="myloginkey";

Changing of course "myloginkey" for a login key of your choice.

You can use anything you like as your loginkey, but as it's going to be entered in the URL you shouldn't use special characters.

---

2. Once you have that set up you can delete your renamed/secret 'vsadmin' directory from the server.

That's all you need to do The security is in place and nobody is going to know your unique login url.



* Database Migrations and Conversions*
* ASP to PHP Cart Conversions*
*Contact Us*
*Buy The PHP Capture Card Plugin*
*Rate Our Services/View Our Feedback*