Log in


  • Category: Site admin
  • License: Modified BSD license
  • Updated: 2012-10-24
  • Downloads: 436
  • Recommendations: 4


Previous releases:

Other Projects

View Steve Clay's plugins

Upgrade Key for Elgg 1.8

Prohibit non-admins from executing /upgrade.php

Last updated 547 days ago

This plugin prevents anonymous visitors from regenerating caches by executing Elgg's upgrade.php script.

  1. Enable the plugin
  2. Create an alphanumeric secret key. E.g. ABBA4ever
  3. Edit engine/settings.php and set $CONFIG->upgrade_key to your key. E.g. $CONFIG->upgrade_key = 'ABBA4ever';

Once configured, one of two conditions must be met to run upgrade.php:

  • User is logged in as an admin
  • The URL includes the secret key as key in the querystring. E.g. upgrade.php?key=ABBA4ever

Note: Your key needn't be alphanumeric, but this makes easy copy/pasting and eliminates URL encoding issues.