Secure Your Admin Page With the Hundreds of Thousands Chinese Characters

Hello All,



Chinese characters are more difficult to hack (because there are many more than 250 Western Roman (ISO) characters).



You can now put Chinese characters in the password of your administration page.



For example, change the common name:



admin



By this name in Chinese:



管理员



Or by any other name in Chinese.



Here’s how:



1 - Go to:



[URL=“http://translate.google.com/?hl=en#en|zh-CN|”]http://translate.google.com/?hl=en#en|zh-CN|[/URL]



Translate an English word with its equivalent in Chinese. In this example we will take “admin” which translates as “管理员”.



However, I recommend another word, or better, a sentence that is more difficult to hack.



2 - Copy the Chinese translation result, here for our example “管理员”.



3 - Go to your “admin.php” backoffice



4 - Change your password in Users > Users > Admin



From:



admin



to:



管理员



5 - Save



7 - Sign out.



8 - Login with your new password:



管理员



9 - That’s it, everything should work!



Now it’s a LITTLE bit more difficult to hack or find your password!





Lee Li Pop

This is a cool idea, but I do see a problem with it. Since I don’t know Chinese I would have a tough time being able to log back into my store especially from a different computer. The only way I can see it working would either be to save my password on my computer which leads to some security issues or to go to Google Translate every time I want to login.



Is there another way I’m not thinking about?



Brandon

remember the password in english and use google translate when you’re on a different computer.



you dont need to save it.



clever idea Lee Li Pop

I use RoboForm2Go. I don’t ever have to worry about remembering user names or passwords.

Let us not go crazy about hidding admin.php



And, please, let us not add some layers of security that are dubious in their help. While it might not be a bad idea for Chinese speaker, for us with 26 letters, it is a mental overkill.



There are OTHER options available.


  1. You can set in htaccess (not in CS-Cart) for the file to be IP protected
  2. You can set in htaccess for admin.php to be protected with htpassword, it will give an additional apache level password access to the file…
  3. Add all two and it is safe.



    Plus, there are no known admin.php problems other than brute force pw attacks.

I think you misunderstood her idea. It is to change the username admin to chinese characters not the admin.php page name.

Yes, I did misunderstand. However, we are using emails as usernames, thus, it is much longer than “admin” and rather hard to guess already.

Hello ET,


[quote name=‘ETInteractive’]clever idea Lee Li Pop[/QUOTE]



I’m proud and confused to read your words. Thank you. :oops:



Did you read my new thread “How to Secure Access to Admin.php Page”?





Lee Li Pop