To keep your DHRU FUSION installation secure, we strongly recommend implementing the following best practices:
1. Move the downloads and templates_c Folders
These two folders must be writable by DHRU FUSION, which requires setting them to CHMOD 777. To reduce risk, it’s best to move them outside the public web directory (e.g., outside public_html if you’re using cPanel).
After moving the folders, update the paths in your admin panel:
• Go to: Settings > Security
• Update the following fields:
• Template Compiler Path: ../templates_c/
• Download Directory Path: ../download/
Note: If your server uses suPHP or phpsuexec, you do not need to (and cannot) set folders to 777. These environments require permissions to be 755 or lower.
2. Change Your Admin Folder Name
To prevent unauthorized access attempts, rename your admin folder to something unique (e.g., MyAdmin). Do not move the folder, only rename it.
Then update your config file:
• Open /configs/config.php
• Locate the line:
#$customadminpath = "";
• Update it like this:
$customadminpath = "MyAdmin";
(Remove the # and insert your custom admin folder name)
3. Protect Your Config File
If you’re on a shared hosting environment, restrict access to your configuration file by setting its permissions to:
• config/config.php: CHMOD 600
4. Restrict Admin Access by IP
You can add IP-based restrictions to limit access to your admin area:
• Go to: Settings > Security Settings > Admin Allowed IP
• Enter your static IP(s) or a valid IP range:
Examples:
• Single IP:
11.11.11.11
• Multiple IPs:
11.11.11.11 22.22.22.22
• IP Range:
33.33.0.0/16
If you mistakenly lose access due to an incorrect IP setting, remove the .htaccess file from your renamed admin folder to regain access.