Security Recommendations
Web Server Redirect Rules
Web server redirect rules are critical to prevent unauthorised access to your SupportPal installation.
Enable HTTPS
https
ensures encrypted transport of communication between your customers and your server. It's required by several third party integrations and will also improve consumer confidence in your web site.
Change The Default Operator URL
Change the default operator panel URL prefix from admin to something that only your staff know. The prefix can be updated using the Settings > Admin Folder field in the operator panel.
Configure HTTP Headers
Configure additional HTTP headers to improve the security of your installation.
Moving the storage/
directory
The storage/
can be moved outside the web root directory to prevent unauthorised access to its contents via the web.
Restricting Public Access
SupportPal expects public access to your installation. If you intend to restrict access find out about the limitations.