Knowledgebase : Getting started
HelpDeskZ Security check list
Posted by Administrator on 16 March 2015 09:38 am

This page intends to provide basic security tips for HelpDeskZ administrators. In other words - how to make HelpDeskZ more secure and less prone to attacks?

1. Keep HelpDeskZ updated

As with any software, HelpDeskZ evolves and receives regular bug and security updates along with feature improvements. Make sure you always use the latest stable version of HelpDeskZ.

 2. Use unique usernames and passwords

Do not use default usernames like admin, administrator, root, etc...

Never use the same password for multiple services. Try to use a password with a combination of letters (downcase and uppercase), numbers and symbols.

 3. Rename /controllers/staff_controller.php

HelpDeskZ allows you to rename this file for the access of staff and admin panel.

For example: rename /controllers/staff_controller.php to /controllers/mypanel123_controller.php
Then you can access to staff using this url:
http://yourhelpdeskz.com/?v=mypanel123 (if permalinks is disable) or
http://yourhelpdeskz.com/mypanel123 (if permalinks is enable)

4. Restrict allowed attachment size and types

If you expect your customers to upload images there is no need to allow uploading of .exe files.

Be conservative about what file attachments you allow:

  1. Login to HelpDeskZ staff panel
  2. Go to Settings -> Tickets -> File Types
  3. Remove the innecessary file types and use the extensions that you will need only.