Protecting admin.php, the /install directory, and test & development installations using .htaccess

[avalanch]

Doesn't the install file check if the username/email matches the one on records for the installation domain at xenforo.com? That should be enough I would think. And then ask for password.

If failing to enter the username 1 or 2 times, issue a 1 hour lockout for the offender. Most browsers will have it stored in autocomplete once you enter it correctly once and ask it to save.

 

[Paul B]

There is nothing like that in place.

Forum log ins and account log ins are completely separate.

 

[shining]

The following issue has been resolved...
the incorrect configuration was:
Execute PHP as FPM application (nginx)
changed it to FPM application (Apache)
and now it works

#####################

Anyone has an idea why this does not work anymore in .htaccess?
<Files admin.php>
Require all denied
Allow from 127.0.xxx
</FilesMatch>

<Files config.php>
Require all denied
</Files>

and even in src folder does not work:

Require all denied

while

<FilesMatch "(\.htaccess)">
Require all denied
</FilesMatch>

still works...?


Seems like this happens since moving to another server Ubuntu 22.04.4 LTS

 

[Seeker-Smith]

I recently switched to Nginx. Is there a method to do the same with Nginx.

 

[Lucandi]

I recently switched to Nginx. Is there a method to do the same with Nginx.

does it cost?

 

[Seeker-Smith]

does it cost?

Nginx? No.