This page intends to provide basic security tips for HelpDeskZ administrators. In other words - how to make HelpDeskZ more secure and less prone to attacks?
As with any software, HelpDeskZ evolves and receives regular bug and security updates along with feature improvements. Make sure you always use the latest stable version of HelpDeskZ.
Do not use default usernames like admin, administrator, root, etc...
Never use the same password for multiple services. Try to use a password with a combination of letters (downcase and uppercase), numbers and symbols.
HelpDeskZ allows you to change the URL access to staff panel, just edit the file /hdz/app/Config/Helpdesk.php and change the option of STAFF_URI
If you expect your customers to upload images there is no need to allow uploading of .exe files.
Be conservative about what file attachments you allow:
Login to HelpDeskZ staff panel
Go to Setup -> Ticket Settings -> Allowed file types
Remove the innecessary file types and use the extensions that you will need only.