Published by Mijingo

movie icon image

EE Insider Blog

Spend your time learning and developing sites with ExpressionEngine and we'll use this blog to keep you informed of all the news related to ExpressionEngine and CodeIgniter.

» Read more in the Archives.

» Have a tip? Send us your EE news.

Learn ExpressionEngine Today

Over a series of 8 videos, watch and learn as Ryan builds an entire ExpressionEngine website from beginning to end. Get started now.

Ask the Readers: Simple or complicated system directory name?

Ask the ReadersThere are two camps: those that use some really complicated, difficult to remember system folder name (e.g. /dhw793hdu2738/) and those that like to keep it simpler (e.g. /controlpanel/). Either way, it’s security through obscurity and there are way better ways to secure your EE site. But I want to ask the readers of EE Insider:

Do you name your system directory something simple or complicated?

Let us know in the comments!

(Pssst…if you use a certain directory name, you might not want to divulge it in the comments!)

Posted on Apr 06, 2010 by Ryan Irelan

Filed Under: Ask the Readers

bluedreamer05:33 on 04.06.2010

I don’t have a standard method as such, but often I’ll choose a word, phrase or combo that the site owner is familiar with.

James05:45 on 04.06.2010

It can’t be too complicated, so the client will remember what the directory is called.

Jacob Graf06:00 on 04.06.2010

I always use a random string for the system directory (eg. dkjh2782kj) or move it above web root. Then I set up another directory relating something within that client’s industry and mask it to the complicated system directory. (eg. Supermarket client masked home directory would be ‘face’ or a lawyer firm’s directory would be ‘justice’, etc) Something that the client can remember, but also, doesn’t reveal the location of the real System folder and files.

mr_dimsum06:03 on 04.06.2010

This might seem totally nerdy, but for my next ExpressionEngine website, I decided to name the control panel after Vector Sigma, the so-called computer operated by the Quintessons and Primus that gives “life” to the Transformers.

I thought there was some awesome lore behind the television series and thought appropriate to give the site, database, etc. a hierarchical naming schematic that follows the structure on the show.

Okay, I’ve said too much. I’m going to end up writing a novel here if I don’t stop now.

Carlo Laitano06:17 on 04.06.2010

I actually move the system directory out of the website root so it can’t be accessed via URL/HTTP. Then I give the system index.php file a significant name, something not common but that clients won’t forget. It’s worked wonders, very secure!

Hendrik-Jan Francke06:19 on 04.06.2010

simple. not super simple but simple.

Paul Frost07:25 on 04.06.2010

Simple, as I encourage users to use the EE Control Panel rather than set up SAEF’s.

I’ve wondered if there is any value in using https for the CP?

Emmanuel10:15 on 04.06.2010

Simple, something like backoffice, backend, backdoor, backstage, coulisses (French for backstage) and so on…

Alex Kendrick10:23 on 04.06.2010

I rename it as an acronym that includes the website’s name and a few other characters.  So while it is easy to remember for people in the know, it is still slightly cryptic.

AJP10:56 on 04.06.2010

I do a simple, but not “system” or “admin” usually.

Ryan, can you do a post on some ways to secure your control panel? Or at least a review of methods?

John Faulds12:49 on 04.06.2010

You can of course mask access to the CP and then name the system folder whatever you like:

Chad Crowell20:13 on 04.06.2010

I’m surprised so many of you don’t mask access to the CP, as John linked to above me.  It takes 30 seconds and allows you to name the system folder anything you like, while hiding it from the users. 

I use 1password to generate a random 12 character string and name it that.  I usually refresh the generator about 10 times and then keep refreshing until I get a string that starts with a letter near the end of the alphabet so that the folder appears at the bottom of the list of files and folders.

Erik Reagan08:01 on 04.07.2010

I mask all of my CPs with random strings similar to Chad’s approach (using 1Password for string generation). I keep the URL that the client uses something simple and always encourage them to book mark the URL anyways.

Chad, why not just manually add a Z in the front if you want it at the bottom of the list of directory contents? smile

Sean01:23 on 04.10.2010

Hmmm I like Chad’s approach and might do that for my next build. Up until now I was using a naming system based on a set prefix and the clients site name.

moogaloo21:35 on 04.12.2010

I had initially been using obvious ones, like /cms and even made them a subdomain… until a site got hacked early on in development.

Since then I always move the system folder above webroot. I’ve also taken to giving them slightly more unusual names, but still something familiar, and I don’t put them as subdomain anymore.