Akeeba Kickstart Professional – Insecure setup detected

Akeeba Kickstart has detected that its file name is kickstart.php. Please change the file name to something which does not begin with kickstart and ends with .php. For example, you could rename the file to myexample.php Then you can access this file by replacing kickstart.php with the new name in the address bar of your browser.

Why do you need to do that?

Due to its nature, Akeeba Kickstart will execute commands send to it by any web visitor. There is no way to verify the visitor's identity. Since Akeeba Kickstart Professional allows you to import ZIP archives from arbitrary URLs an attacker can use it to load malware to your site while you are restoring your site. Your only protection is to rename Kickstart's file to prevent the attacker from using Akeeba Kickstart Professional against you.

If you do not need the additional features of Akeeba Kickstart Professional you are strongly advised to use Akeeba Kickstart Core. Since it lacks the ability to import remote files it's safe to use without renaming the file.