Hardening your installation

Increase security

LinkAutocorrect is designed with security in mind, but you can take additional steps to further reduce risks.

  1. After installation, move the linkautocorrect/database.php file to a directory outside your publicly accessible HTML. Afterwards, update the file path reference in storage.php to point to the new location of database.php.
  2. If you use a version control system like Git, add database.php and login.php to your .gitignore file. These files contain sensitive configuration data.

Admin panel lockdown

If you suspect unauthorized access to the LinkAutocorrect admin panel, you can disable access to the admin panel completely using the installation file check mechanism:

  1. Open the login.php file inside the linkautocorrect directory
  2. By default, this lockdown feature is enabled via constants within the login.php file. Ensure the constants are set correctly. 
    const CHECK_FOR_INSTALLATION_FILE = true;
const INSTALLER_FILE_NAME = "install.php";
  3. Create an empty file called install.php inside the linkautocorrect directory.

When you try to access the dashboard now, you should see a page like this:

Screenshot from a PC reading Delete install.php in your LinkAutocorrect installation folder before accessing the dashboard.