Securing /includes/admin by renaming; problem with links

[caffiendo]

I followed these directions in the tutorial, but there is a problem with the links in the admin control panel. They don't point to the new folder (the renamed admin folder)

2. Rename your /admin folder

It is recommended for additional security that you rename your admin directory after installation. This way, it will be significantly harder for hackers to find your admin area or attempt any attack on breaking into it.

(Before making the following changes, make sure to have a current backup of your files and your database.)

A - Open your admin/includes/configure.php, using a simple text editor like notepad. Change all instances of admin to your chosen new admin folder-name. For maximum security, you may want to consider that new folder name should include numbers and a combination of upper and lower case letters. The longer you make this folder's name the more secure it will be. Make sure you leave all the / intact.

Change this section:
define('DIR_WS_ADMIN', '/admin/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_ADMIN', '/admin/');
define('DIR_WS_HTTPS_CATALOG', '/');

And this section:
define('DIR_FS_ADMIN', '/home/mystore.com/www/public/admin/');
define('DIR_FS_CATALOG', '/home/mystore.com/www/public/');

B - Find your Zen Cart™ /admin/ directory, using your FTP software or your webhost File Manager. Rename the directory to match the settings you just made in step A.

C - To login to your admin system you will now have to visit a new URL that matches the new name used in steps A and B above. For example instead of visiting http://www.example.com/admin/ visit http://www.example.com/NeW_NamE4u/. Use of SSL is highly recommonded to protect your and your customers information. To protect the new admin folder name from packet sniffers, use https in the example link above (this of course depends on your server having an SSL certificate installed).

D - You should also protect your admin area by using an .htaccess file similar to the one shown below, and placing it into /admin/includes. This should already exist in Zen Cart™ versions 1.2.7 and greater.

https://www.zen-cart.com/tutorials/index.php?article=73



Say I renamed my admin section to xyz123. Whenever I try to access anything it still points to admin instead of xyz123. I changed the following

define('DIR_WS_ADMIN', '/admin/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_ADMIN', '/admin/');
define('DIR_WS_HTTPS_CATALOG', '/');

And this section:
define('DIR_FS_ADMIN', '/home/mystore.com/www/public/admin/');
define('DIR_FS_CATALOG', '/home/mystore.com/www/public/'); to
define('DIR_WS_ADMIN', '/xyz123/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_ADMIN', '/xyz123
/');
define('DIR_WS_HTTPS_CATALOG', '/');

And this section:
define('DIR_FS_ADMIN', '/home/mystore.com/www/public/xyz123
/');
define('DIR_FS_CATALOG', '/home/mystore.com/www/public/');

Is this correct? Why do all the hyperlinks in the admin section still have every link pointed to the admin directory instead of the
xyz123 directory?

[afo]

Anywhere you see admin in the config files, you should replace it with the admin's new name... and you need the closing / if you removed it, so

Code:

define('DIR_WS_ADMIN', '/admin/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_ADMIN', '/admin/');
define('DIR_WS_HTTPS_CATALOG', '/');

should be

Code:

define('DIR_WS_ADMIN', '/xyz123/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_ADMIN', '/xyz123/');
define('DIR_WS_HTTPS_CATALOG', '/');

[caffiendo]

I do have the closings. I don't know how those got posted there w/o them...

this is what I have:
define('DIR_WS_ADMIN', '/xyz123/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_ADMIN', '/xyz123/');
define('DIR_WS_HTTPS_CATALOG', '/');

Could this be what is needed?
define('DIR_WS_XYZ123', '/xyz123/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_XYZ123
', '/xyz123/');
define('DIR_WS_HTTPS_CATALOG', '/');
Other than that, I don't know why this isn't working. Do I need to restart it or reboot it somehow?

[afo]

I do have the closings. I don't know how those got posted there w/o them...

this is what I have:
define('DIR_WS_ADMIN', '/xyz123/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_ADMIN', '/xyz123/');
define('DIR_WS_HTTPS_CATALOG', '/');

Could this be what is needed?
define('DIR_WS_XYZ123', '/xyz123/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_XYZ123
', '/xyz123/');
define('DIR_WS_HTTPS_CATALOG', '/');
Other than that, I don't know why this isn't working. Do I need to restart it or reboot it somehow?

No, the second one is incorrect. The first change you made is right and it should be the only place you have to change aside from the DIR_FS_ADMIN.

Here's a couple of silly questions... did you upload the changed file to your domain? Did you change the name of the folder in the url? (as in http://www.myzencart.com/xyz123/ instead of http://www.myzencart.com/admin/)

[caffiendo]

I thought the DIR_WS_ADMIN was supposed to stay as-is. I just wanted to check on that.

I did upload the changed files and set the permission to 444 (read-only). I also made the new directory (XYZ123) and copied everything to it with this:
cp -rv * ~/sitename/zen/XYZ123

I then checked the files and all copied correctly. I then renamed the admin folder as a backup folder.

When I login to my admin account I goto: http://www.site.com/zc/xyz123/
I then enter my admin user name and password. It logs in fine.

When I go to the menus, like TOOLS -> DEVELOPER's TOOLS, the link still points to http://www.site.com/zc/admin/

Is there something I'm missing here?

[caffiendo]

I just logged off my browser and restarted it and it still points to the admin page, not the new site.

I then went into the cache and cleared it, restarted firefox and it now points to xyz123..

Thanks for the help Afo!

[afo]

No problem! Glad you got it sorted. Gee... closing the broswer and clearing the cache... how... simple.