Mautic Community Forums

Is there a way to rename index.php or change the dir of login page?

Your software
My Mautic version is: 4.1.0
My PHP version is: 7.4.26
My Database type and version is: MySQL 5.6.43

Your problem
My problem is: if people go to my domainname.com/mautic they can see mautic login page.

These errors are showing in the log: this is not an error, I think

Steps I have tried to fix the problem: I have tried to copy the index.php in the root directory but that page does not work the same as index.php in root directory.

I would like the login page for Mautic to be domainname.com/mautic/12345678.php
and the url domainname.com/mautic/ to redirect to domainname.com

Thank you.

Can I ask what is the problem if user finds out mautic login page?

Some suggestions that might help the underlying problem you have (the reason you want this in the first place):

  • If this is because they try to login to Mautic, may I suggest you install and configure fail2ban or something similar?
  • Modify web server config (apache, nginx, etc) in a way so that its possible to login to mautic only from allowed ip (yours - make sure you this config only applies to /s/login)

So far I have not done what you are asking and I do not think there is elegant solution for this on the application level.

Furthermore you should be able to make a redirect from domainname.com/mautic to domainname.com/ by adjusting web server config and only allow access to mautic login page if the user navigates directly to domainname.com/mautic/s/login.php.

One thing to test and play around with to see how it goes (obviously not in production environments) are reverse proxies.

You setup a custom page with form which you name however you want and then on web server level you forward it to /s/login endpoint which you are only allowed to access from your serverĀ“s ip (this was not tested and its only an idea, while the stuff above describe more common approaches).

Regards. M.

Hi,
Yes " Furthermore you should be able to make a redirect from domainname.com/mautic to domainname.com/ by adjusting web server config and only allow access to mautic login page if the user navigates directly to domainname.com/mautic/s/login.php." is the solution I was asking for.
Thanks I will look into doing this solution via virtualhost
I have fail2ban for ssh but have never done it for a webapp. So I will look into it also.

I will mark this solved when I successfully configure the virtualhost to redirect.
Thanks.

also Im hosting it on a vps instance with docker so I am already using traefik as a reverse proxy.
but I am not running Mautic as a separate container because its a small instance and I didnt want to have several apache running at the same time. So on a single ubuntu-apache container I have Mautic Matomo Yourls iDevAffiliate and the stripe checkout site. Otherwise I would have a subdomain for each container.
So in short I am not sure if I can use a reverse proxy inside a reverse proxy?

I am not sure about your reverse proxy question from previous post.

I would maybe add that another way to go about this is by adding recaptcha like mechanism to login form.

You can surely extend Mautic to put recaptcha on the login page and you might even be able to use some of code from this plugin: GitHub - KonstantinCodes/mautic-recaptcha at 1.1.3

However dedicated plugin to put this on Mautic login page should be built.

So the redirect is already used by the .htaccess & whatever I tried with .htaccess or virtualhost.conf just ened up breaking the login
Ok so I kinda figured out a round about way to hide mautic install directory but it requires a fresh install of mautic.

So 1) name the subdirectory something like 12345, this will make your mautic login page example.com/12345/s/login.php 2) make sure the cron jobs now point to the new bin subdirectory 3) instead of sending the visitor directly to the mautic landing pages such as example.com/12345/landingpage. make a landingpage.html in root dir with an iframe to the mautic landingpage. so it looks like example.com/landingpage.html
This way visitors cannot reverse engineer the customer flow experience and mautic will still register visitors and pages can be used in campaign editor.