Hardening MODX now only for MODX 3?

I was just about to setup a new site (still with the current 2.8.3 version). Now I wanted to check on the Hardening MODX article again, just to make sure I don’t forget anything, but I noticed it’s now only tailored for MODX 3.

Now does this mean, moving the core and renaming the manager and all that isn’t really needed anymore and making the same adjustments as mentioned in the new article (even though on 2.8.3) is just as effective? Looking at the articles history I can still see all the “old” info, but I’m a bit confused to why this was completely deleted instead of like making a new article for the new version, atleast for as long as MODX 3 isn’t officially released.

Yes it is, at least for locking down the core.

You can still rename the manager as an added precaution, though.

1 Like

@vibedesign, I just went through a similar learning curve. I had a site on 2.8.3 with the core moved away but have now moved it back to the default location. I did it to prepare for upgrading to 3.x. I believe it’s just as secure because of rules in .htaccess (for Apache) that protect the core and more.

The hardening doc shows how, along with the MODx example ht.access file in your installation directory (the web root) which you probably renamed .htaccess.

I did have to spend some hours learning about .htaccess, probably time well spent. There are tutorials online ranging from simple to complete, Apache’s own docs show the syntax rules.

One tip: The web server error log can show when you have syntax errors in .htaccess. I saw my log by using cPanel → Metrics → Errors. I’m using shared hosting so I don’t have access to the server config or logs directly.

1 Like

This topic was automatically closed 2 days after discussion ended and a solution was marked. New replies are no longer allowed. You can open a new topic by clicking the link icon below the original post or solution and selecting “+ New Topic”.