Userdata Directory
The most important data that this script
collects is your users' data. That data is kept by default in the
"/EZUser_Support_Files/userdata/" directory. Keeping that data secure is a
top priority. Here are a few ways to help you do that:
If you are running on a *nix server, place an .htaccess file in that directory and disallow any direct access to it. For more info, consult the webserver documentation or ask your hosting company.
You can rename the "userdata" directory to some other name so a potential hacker does not know where the user data resides. To do this, make a new directory inside the "EZUser_Support_Files" directory. Be sure to name it something hard to guess and include several random characters and numbers in the directory name. Now copy (don't move or cut) the entire contents of the "userdata" directory into this new folder. You need to leave the original "userdata" directory in its place for a bit longer. Once the copy is complete, log into the admin back-end and navigate to the "Main Configuration" menu. Enter the new name of the "userdata" directory and click save. If all is well and no typos were made, you will still find yourself logged in and still viewing the admin back-end. It is now safe to delete the original "userdata" directory and its contents.
If for some reason you can no longer access the admin section, you probably mistyped the directory name and you are now locked out of the admin back-end, since it can no longer find the "userdata" directory and verify your credentials. In this case, you will have to hand-edit the main "config.php" file located in the script's root directory and change the "$userdata_location" value to the correct location.
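The .htaccess and copy steps above can be scripted from a shell on the server. This is an added example, not part of the script's distribution: it assumes an Apache web server (for the .htaccess syntax) and shell access, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not shipped with the script).
# Usage: sh copy_userdata.sh /path/to/EZUser_Support_Files

# Write a deny-all .htaccess into directory $1 unless one already exists.
# Assumes Apache with AllowOverride permitting these directives.
write_deny_htaccess() {
    [ -e "$1/.htaccess" ] && return 0
    cat > "$1/.htaccess" <<'EOF'
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
EOF
}

# Print a 24-character name of letters and digits drawn from /dev/urandom.
random_dirname() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24
}

# Copy $1/userdata into a new, randomly named sibling directory and print
# the new name. The original "userdata" directory is left in place.
copy_userdata() {
    support=$1
    src="$support/userdata"
    [ -d "$src" ] || { echo "no userdata directory in $support" >&2; return 1; }
    write_deny_htaccess "$src" || return 1
    name=$(random_dirname)
    dst="$support/$name"
    mkdir "$dst" || return 1
    # "src/." also copies dotfiles such as .htaccess; -p keeps modes and times.
    cp -Rp "$src/." "$dst/" || return 1
    # Report success only if the copy is identical to the original.
    diff -r "$src" "$dst" >/dev/null || { echo "copy differs from original" >&2; return 1; }
    printf '%s\n' "$name"
}

if [ "$#" -eq 1 ]; then copy_userdata "$1"; fi
```

The printed name is the value to enter in "Main Configuration"; the script never deletes the original directory, so that step stays manual as described above.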
Other Data Directories
You may use this technique to secure the other directories listed in the admin's
"Main Configuration". You can even change the name of the support
directory itself. Changing the "EZUser_Support_Files" directory to random
characters like "CgBt9hUUn432" will hide all of your data at once.
Please note: If you change the name of the "EZUser_Support_Files"
directory, you will also have to change it in all the other path names listed in
the "Directory Locations" section of the "Main Configuration" editor.
Embedded Admin Links
For your convenience, I have included a link to
the admin section in all of the themes that are shipped with this script.
Since this link will give away the location of the "EZUser_Support_Files"
directory, it is a good idea to remove this link on production servers.
The bottom of each page contains a "Copyright" symbol. That symbol is
clickable and will take you to the admin section (if you are logged in as an
admin of course). But having this link visible on the page gives away the
location of your newly changed "EZUser_Support_Files" directory. If you
just renamed it (as described above), the last thing you want to do is openly
publish the name of that directory. To remove the link, edit the "footer.php"
file in each of the "themes" directories and remove the link. It is
clearly marked with "rem" statements and should be very easy to remove.
Simply edit the file with a text editor, remove the link, re-save and re-upload
the "changed" file.