Knowledge Base   /   Getting started

HelpDeskZ Security check list

Posted on 14 January 2021 03:28 pm

This page intends to provide basic security tips for HelpDeskZ administrators. In other words - how to make HelpDeskZ more secure and less prone to attacks?

1. Keep HelpDeskZ updated

As with any software, HelpDeskZ evolves and receives regular bug and security updates along with feature improvements. Make sure you always use the latest stable version of HelpDeskZ.

2. Use unique usernames and passwords

Do not use default usernames like admin, administrator, root, etc...

Never use the same password for multiple services. Try to use a password with a combination of letters (downcase and uppercase), numbers and symbols.

3. Change the Staff URI access

HelpDeskZ allows you to change the URL access to staff panel, just edit the file /hdz/app/Config/Helpdesk.php and change the option of STAFF_URI

4. Restrict allowed attachment size and types

If you expect your customers to upload images there is no need to allow uploading of .exe files.

Be conservative about what file attachments you allow:

    Login to HelpDeskZ staff panel
    Go to Setup -> Ticket Settings -> Allowed file types
    Remove the innecessary file types and use the extensions that you will need only.