As this will hold some sensitive data, I wondered what obvious steps we can take to secure our self hosted installation.
Is it possible to clear down the obvious branding on the login page?
Are the logs compatible with fail2ban jails?
Thanks
There isn’t really any branding with the white label. But I understand what your saying, why not just password protect the /login page?
Ok thanks.
I thought it was only the invoice that got de-invoiceninjed and not everywhere.
I’ve added htaccess control, but the page still shows in full, so it still clearly shows it for ‘invoices’ and should be a target.
Also, does using .htaccess stop the android app from getting access? Will try it, but seems like it will stop access.
The branding remains in the app but is removed from the admin login page.
Not sure about the .htaccess file/android app, you’ll need to test it.