Welcome to Geeklog Tuesday, November 21 2017 @ 08:41 am EST

Don\'t forget to secure your installation

  • Contributed by:
  • Views: 5,433
Geeklog
Assuming that one has not implemented any WebServer based or file access security changes:

The default install of Geeklog does not secure the installation and will leave your admin/install/install.php file open for anyone to access. I Recommend a few things

  • Remove access rights to the directory
  • Change the name of the install directory
  • Configure webserver security - e.g. Use apache .htaccess
  • All of the above

    Doing a little check before submitting this note, 50% of the sites I checked have open access to install.php. I debated about posting this, in case someone thinks this would be their idea of fun. Hopefully, it will be seen as a reminder to secure our installs - as anyone that has installed GL will know the default install path.

    A recommendation would be for GL to include a install feature like Gallery that will secure all access and redirect anyone without proper authentication to the main page.

    Cheers,
    Blaine