Modx Securing Install

Posted on Feb 08, 2024 by Trevor Smith  | Tags:

Modx version: 3.0.4

Rename the manager and connectors folder

1. Using cpanel I renamed the manager folder to a randomly generated series of characters (8 characters, lowercase and numbers).
2. Edit core/config/config.inc.php to change the path and URL to match the renamed folder
3. Delete core/cache files
4. Login to modx and test

Rename the connectors folders in a similar way

Add code to .htaccess

Using cpanel or filezilla edit the .htaccess file in the root of your Modx install and add the following code (for apache web server):

RewriteCond %{HTTP_HOST} ^(www\.)?example\.com$ [NC]
# Block access to dotfiles and folder people have no need to touch
RewriteRule ^(\.(?!well_known)|_build|_gitify|_backup|core|config.core.php) /index.php?q=doesnotexist [L,R=404]

Change "example" to your domain name.

Rename the admin user name

Edit your default Modx admin user name to use randomly generated series of characters (8 character, lowercase and numbers)

Note: I had to remove the "posted by" from my articles template - otherwise the admin user name is displayed.