Security Recommendations

Web Server Redirect Rules

Web server redirect rules are critical to prevent unauthorised access to your SupportPal installation.

Enable HTTPS

https ensures encrypted transport of communication between your customers and your server. It's required by several third party integrations and will also improve consumer confidence in your web site.

Change The Default Operator URL

Change the default operator panel URL prefix from admin to something that only your staff know. The prefix can be updated using the Settings > Admin Folder field in the operator panel.

Configure HTTP Headers

Configure additional HTTP headers to improve the security of your installation.

Moving the storage/ directory

The storage/ can be moved outside the web root directory to prevent unauthorised access to its contents via the web.

Restricting Public Access

SupportPal expects public access to your installation. If you intend to restrict access find out about the limitations.