Renaming the backend path

Hello Oxid-Community members.

I installed the latest Oxid-CE on a test environment and am gaining my first experience with this “new” shop application.
Now, the first questions are popping up.

  • I would like to rename the /admin directory.
    Which files need to be modified to enter the new directory name?

  • The “timeout” in the backend is a bit short. Especially in the beginning when setting up a new shop. Where can it be changed?

Thank you and snowy greetings from Finland

sieg01

Hi to Finland and welcome!

Moving the admin path is not easy but actually not necessary (security by obfuscation ;)). Just take care you secure it via a .htaccess.

Regards

Thank you.

moving the admin path is not easy

I saw it. :frowning:

but actually not necessary (security by obfuscation ;)). Just take care you secure it via a .htaccess.

Not every hoster allows every command within the .htaccess, or if the client (web shop owner) has a dynamic IP, then … you have discussions.

Renaming the backend path is therefore much easier.

We have been working with Zen-Cart for a couple of years.
This application comes “out of the box” with this “feature”, and during the install process the admin/integrator must rename this path.

Could this be an option for OXID as well? This will enhance security without much effort and shop owners have a better sleep.

I do not get the point why this should be more secure then - using a secure login (user|password) does the job

A Polish wisdom says:
it’s harder to steal a car if you don’t know where it is

In this case there could be a cron job which moves the admin panel every hour to another URL,
and another cron job for changing the admin password every 30 minutes.
I’m pretty sure your online shop will become a virtual Fort Knox (or at least Azkaban).

Hi sieg01,

actually I know zen cart pretty much. But I know that you do not mean zen cart as more presta, am I right?
The first time I saw it I was really impressed but actually it is bollocks, isn’t it? Just obfuscation - if you want to find out where admin is located you ought to do some of the really eval tools and it shall not be any problem. Am I right? :wink:

Cheers

[QUOTE=Marco Steinhaeuser;116239]… I know that you do not mean zen cart as more presta, …

The first time I saw it I was really impressed but actually it is bollocks, isn’t it?
[/QUOTE]

Zen-Cart has its benefits as well as disadvantages. Same applies to Oxid-CE.

But this is not the right topic for a pro/contra ZC/Oxid-CE flame. :wink:

[QUOTE=Marco Steinhaeuser;116239] if you want to find out where admin is located you ought to do some of the really eval tools and it shall not be any problem. [/QUOTE]

Never faced such a challenge. Maybe the existing ZC-shops are not attractive for “those attackers”.

[QUOTE=vanilla thunder;116238]… wisdom says:
it’s harder to steal a car if you don’t know where it is … [/QUOTE]

:smiley:
So true.

[QUOTE=vanilla thunder;116238]in this case there could be a cron job, which moves the admin panel every hour to another url.
and another cron job for changing admin password every 30 minutes. [/QUOTE]

Don’t want to get that paranoid.

Coming back to one of the entry questions of this topic:

  • Is there a way to rename the BE-path?
    If not today:
  • Is there a plan to introduce such a security enhancement in a future version?

The reason for this concern is entries in the error.logs.
We can see many attempts to reach the (lucky us, non-existing) “/admin” folder every single day.
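
An added example, not part of the original thread: one way to quantify the `/admin` probing described in the last post by counting, per client, the requests for the removed default directory in an error log. The Apache 2.2-style line format, the document root `/var/www/shop`, the sample log lines and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Apache 2.2-style error.log format (assumption:
# the thread shows neither its log format nor its document root).
SAMPLE_LOG = """\
[Mon Feb 04 09:12:01 2013] [error] [client 203.0.113.7] File does not exist: /var/www/shop/admin
[Mon Feb 04 09:12:02 2013] [error] [client 203.0.113.7] File does not exist: /var/www/shop/admin/index.php
[Mon Feb 04 09:30:44 2013] [error] [client 198.51.100.23] File does not exist: /var/www/shop/favicon.ico
[Mon Feb 04 10:02:13 2013] [error] [client 198.51.100.23] File does not exist: /var/www/shop/admin/login.php
[Mon Feb 04 10:05:00 2013] [error] [client 192.0.2.50] File does not exist: /var/www/shop/administrator.css
[Mon Feb 04 11:47:30 2013] [error] [client 203.0.113.7] File does not exist: /var/www/shop/admin/
"""

DOCROOT = "/var/www/shop"  # hypothetical document root
OLD_ADMIN = "/admin"       # default backend path that no longer exists

# Client address and the filesystem path Apache failed to find.
LINE_RE = re.compile(
    r"\[client (?P<ip>[^\]\s]+)\] File does not exist: (?P<path>\S+)"
)


def admin_probes(log_text, docroot=DOCROOT, admin=OLD_ADMIN):
    """Count, per client, the misses that target the removed admin directory."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or not m.group("path").startswith(docroot):
            continue
        rel = m.group("path")[len(docroot):]
        # Match /admin itself or anything below it, but not /administrator.css.
        if rel == admin or rel.startswith(admin + "/"):
            hits[m.group("ip")] += 1
    return hits


def noisy_clients(hits, threshold=3):
    """Clients with at least `threshold` probes, e.g. candidates for rate limiting."""
    return sorted(ip for ip, n in hits.items() if n >= threshold)


if __name__ == "__main__":
    counts = admin_probes(SAMPLE_LOG)
    for ip, n in counts.most_common():
        print(f"{ip}\t{n}")
    print("over threshold:", noisy_clients(counts))
```
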