Like every application you host online, it is simply not just enough to install ExpressionEngine.
The team behind ExpressionEngine recommended that you make the following changes for security purposes.
change the name of the /admin folder (no .php at the end)
To do that, open index.php and admin.php (both found in your site’s root) and update the name of the system directory in both files:
$system_path = './razzmatazz';
rename the /admin.php
To do that, visit Settings >> URL and Path Settings and update the Control Panel URL setting.
Or open system/user/config/config.php (or whatever you have renamed the system folder to) and update the URL using the cp_url override:
$config['cp_url'] = "https://example.com/razzmatazz.php";
strip index.php from your URLs:
Our servers support URL rewriting.
So you can open up your .htaccess (please backup first before making any changes) and add the following code:
RewriteEngine On
RewriteBase /
# Removes index.php from ExpressionEngine URLs
RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
RewriteCond %{REQUEST_URI} !/system/.* [NC]
RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,NE,L]
# Directs all EE web requests through the site index file
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
If the site’s system directory (/system/) has been renamed and is still accessible by URL, modify the RewriteCond line above:
RewriteCond %{REQUEST_URI} !/$directoryname/.* [NC]
If you are running ExpressionEngine from a sub-directory rather from the root of your domain (e.g. https://example.com/myeesite/ instead of https://example.com/), remove the slash preceding index.php:
RewriteRule ^(.*)$ index.php/$1 [L]
Go to Settings >> URL and Path Settings in the Control Panel and set the website index page to a blank (empty).
Then click Submit.
Once done, visit the website via Incognito/Private Mode and make sure that the website links are working correctly with index.php removed.
