Loving all the security contributions and advice! Soaking it up like a wet sponge. Thanks Burt and Xpajun
Now, this is probably an easy answer for you guys but I am in the dark about this.
5. Rename /admin/ and htpasswd it
So I change the admin folder to my new name of choice, then when I go to my Admin page to log into OSCommerce I now get an Error 403. My catalog is still trying to locate the old folder name, admin/login.php
What steps do I also need to do after changing my admin folder name to access my Admin login page again with the new folder name?
Thank you for your help. Total noob with anything having to do with computers and code
Have you changed the admin name in catalog/your_new_admin_folder/includes/configure.php
define('HTTP_SERVER', ''); // eg, http://localhost
or - https://localhost
should not be NULL for productive servers
define('ENABLE_SSL_CATALOG', 'false'); // secure webserver for catalog module
define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)
define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);
define('DIR_WS_CATALOG', '/catalog/');change this to the new name of your admin folder