Changing the URL for the admin site

kondor · Fri Dec 30, 2016 12:31 pm

Hi all,

Is there any way to change the admin url to some different slug?
I want to use something like mysite/my_new_admin_url instead of using mysite/admin.

Thanks,
Konrad

hungtran · Thu Jan 19, 2017 11:37 am

Hi Konrad,

You can do that by changing the word "admin" in the line 71

Code: Select all

$filters['admin'] = '/admin/';

in bl-kernel/dbsite.class.php to something else.

I think we need to take note of this change to apply again if we update bludit.

Regards,
Hung

hungtran · Thu Jan 19, 2017 11:41 am

Oh I forgot another change.

The file bl-kernel/boot/init.php, line 221, change word "admin" to your own word.

Code: Select all

define('HTML_PATH_ADMIN_ROOT',		HTML_PATH_ROOT.'admin/');

amr · Tue Jan 24, 2017 12:29 pm

you can with 2 ways .
first way is finding the admin url in the kernel file and the 2nd is creating .htaccess file and add a rule for redirection , for example :

//301 Redirect Old File
Redirect 301 /oldpage.html http://www.example.com/newpage.html

Redirect www to non www version of site

RewriteEngine on
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^example\.com
RewriteRule (.*) http://example.com/$1 [R=301,L]

Redirect non-www to www
Same as above except in the reverse, this one forces the www. into your url.

RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]

Another Method - PHP Redirect
This works well if your pages are php enabled, simply place this code at the very top of the old file and your visitors will be smoothly sent to the new location.

<?php
Header("HTTP/1.1 301 Moved Permanently");
Header("Location: http://www.example.com/");
?>

Another Method - Meta Redirect

meta http-equiv="refresh" content="10; url=http://example.com/">
Content="10; tells the browser to wait 10 seconds before transfer, choose however long you would like, you can even choose 0 to give a smoother transition.

hope i could helped

kondor · Sat Jan 28, 2017 6:25 pm

Thanks @hungtran and @amr,

changing it directly in the kernel is the best option in my case, redirection via .htaccess file is not the preferable way in hiding the admin url.

Best regards,
Konrad

susannelisa · Wed Feb 01, 2017 11:29 am

Did you try the kernel way? I did and I get error messages.. since everything on the dashboard is based on the admin url, the page wants to find domain.com/admin/dashboard for example but doesn't find it.

I would like to set a htaccess rule to block the admin page to all ip addresses but my own instead, like you can do with Wordpress but I haven't managed to make it work with Bludit yet.
I suppose it's for security that the original poster wants to change the url?

MurphLee · Sat Feb 11, 2017 7:14 am

Thanks, I think it's good to change the admin url so hackers can't find it and try to brute force it.

kondor · Tue Feb 14, 2017 8:53 am

@susannelisa I did not change anything yet, but will try it in the next days

but another question did you adjust this constant as well?:

Code: Select all

define('HTML_PATH_ADMIN_ROOT',      HTML_PATH_ROOT.'admin/');

According to your question to block the admin page, did you saw this topic viewtopic.php?f=6&t=733&p=2894&hilit=security#p2894, in the last comment, diego wrote that you can edit /bl-kernel/admin/controller/login.php to implement some simple IP restriction like:

Code: Select all

if ($_SERVER['REMOTE_ADDR'] !== 'your IP') {
  // go to hell
  return die();
}

kondor · Wed Feb 15, 2017 9:08 pm

Hi,

i have the solution for both cases:
1) Change the admin url

In files below change the code as follow
bludit\bl-kernel\dbsite.class.php

Code: Select all

$filters['admin'] = 'admin';

to

Code: Select all

$filters['admin'] = ADMIN_SLUG;

bludit\bl-kernel\admin\controllers\ in files
about.php
add-user.php
configure-plugin.php
install-plugin.php
install-theme.php
login-email.php
login.php
plugins.php
settings-advanced.php
settings-general.php
settings-regional.php
settings.php
themes.php
uninstall-plugin.php
users.php

change all occurences of

Code: Select all

Redirect::page('admin', 'dashboard');

to

Code: Select all

Redirect::page(ADMIN_SLUG, 'dashboard');

bludit\bl-kernel\boot\init.php

add or change

Code: Select all

define('ADMIN_SLUG', 'adminek'); 
define('HTML_PATH_ADMIN_ROOT',		HTML_PATH_ROOT.ADMIN_SLUG.'/');

if you#re using default template and still want to use the login section
bludit\bl-themes\log\index.php

Code: Select all

<!-- Actions -->
			<section>
				<ul class="actions vertical">
					<li><a href="<?php echo $Site->url().ADMIN_SLUG ?>" class="button big fit"><?php $L->p('Login') ?></a></li>
				</ul>
			</section>

2) IP restriction for the login

Add following line in
bludit\bl-kernel\boot\init.php

Code: Select all

define('ALLOWED_IP','::1');

and in
bludit\bl-kernel\admin\controllers\login.php

Code: Select all

if (ALLOWED_IP !== '' && $_SERVER['REMOTE_ADDR'] !== ALLOWED_IP) {
    // go to hell
    die();
}

This was tested successful locally with the version of bludit 1.5.2.

Have fun

Best regards,
Konrad

Torsten_Kelsch · Tue Mar 28, 2017 7:22 pm

The restriction to only your own IP addresses can be done via .htacess in case you use an Apache HTTP server:

Code: Select all

<FilesMatch "^(.*)?admin(.*)$">
	Require all denied
	Require ip 12.345.
	Require ip 1234:56::/32
</FilesMatch>

First IP is an IPv4, and second is IPv6. And this example is for Apache 2.4 or later.

This way you don’t need to touch Bludit’s core files, which would be overridden on updates anyway.