by Monica Olinescu on October 12, 2009
In your production environment you want your Magento application to be as secure as possible (especially if you are saving sensitive customer information such as credit card numbers). To make it harder for people to break into your administration panel you should change the default admin path from www.yoursite.com/admin to something less conspicuous – preferably a random string that would not be susceptible to dictionary attacks.
- Stop the web server.
- Change the admin token in app/etc/local.xml.
- Clear the cache by deleting the contents of var/cache and var/session and restart the web server.
You should now be able to access your admin panel at www.yourdomain.com/newadminpath
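The steps above as shell helper functions, added here as an example and not part of the original post. It assumes a Magento 1.x layout where the admin route is a single-line `<frontName>` element in app/etc/local.xml. The function names are hypothetical, and stopping and restarting the web server is left to your own service manager.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption: local.xml holds the
# admin route as one <frontName>...</frontName> element on a single line.

# Print a random 16-character hex string (64 bits read from /dev/urandom).
gen_admin_path() {
    head -c 8 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# set_front_name MAGENTO_ROOT NEW_PATH
# Rewrites the frontName value in app/etc/local.xml.
set_front_name() {
    cfg="$1/app/etc/local.xml"
    new="$2"
    # Allow only lowercase letters and digits, so the value cannot break
    # the XML or the sed expression.
    case "$new" in
        ''|*[!a-z0-9]*) echo "invalid admin path" >&2; return 1 ;;
    esac
    grep -q '<frontName>.*</frontName>' "$cfg" || {
        echo "no frontName element in $cfg" >&2; return 1; }
    # Work through a private temp file; no backup copy is left in app/etc,
    # because local.xml also holds the database credentials.
    tmp=$(mktemp) || return 1
    sed "s|<frontName>.*</frontName>|<frontName><![CDATA[$new]]></frontName>|" \
        "$cfg" > "$tmp" && cat "$tmp" > "$cfg"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# clear_cache MAGENTO_ROOT
# Deletes the contents of var/cache and var/session, keeping the directories.
clear_cache() {
    [ -n "$1" ] && [ -d "$1/var/cache" ] && [ -d "$1/var/session" ] || return 1
    find "$1/var/cache" "$1/var/session" -mindepth 1 -delete
}

# Usage, with the web server stopped (the root path is a placeholder):
#   new=$(gen_admin_path)
#   set_front_name /path/to/magento "$new" && clear_cache /path/to/magento
#   echo "admin panel is now at /$new"
```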
If something goes wrong you can check the configuration values in the database.
select * from core_config_data where path='admin/url/custom'; -- should be
select * from core_config_data where path='admin/url/use_custom'; --
select * from core_config_data where path='web/secure/base_url';
select * from core_config_data where path='web/unsecure/base_url';
-- should be: