Sleek Design Superhero

is here to save the day and gather the best tutorials and articles on web development and design.

Magento Security: How to Change the Default Admin URL

Posted on Oct 12 in Magento | (1) Comment

In a production environment you want your Magento application to be as secure as possible (especially if you store sensitive customer information such as credit card numbers). To make it harder for people to break into your administration panel, change the default admin path from www.yourdomain.com/admin to something less conspicuous, preferably a random string that is not susceptible to dictionary attacks.

  1. Stop the web server.
  2. Change the admin token in app/etc/local.xml.

    <admin>
        <routers>
            <adminhtml>
                <args>
                    <frontName><![CDATA[newadminpath]]></frontName>
                </args>
            </adminhtml>
        </routers>
    </admin>

  3. Clear the cache by deleting the contents of var/cache and var/session and restart the web server.

You should now be able to access your admin panel at www.yourdomain.com/newadminpath
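The file edit and cache clearing from the steps above as a script; this is an added example, not code from the original post. The function names and the Magento root argument are assumptions, it expects a single one-line `<frontName>` element as in the snippet above, and stopping and restarting the web server is left to you because the service name differs per host.

```shell
#!/bin/sh
# Added example (not from the original post): set a random Magento admin path.
# Assumes app/etc/local.xml holds exactly one single-line <frontName> element.
# Stop the web server first and restart it afterwards (steps 1 and 3).
# Usage after sourcing: set_admin_path /path/to/magento "$(gen_admin_path)"

# 16 hex characters (64 random bits) read from /dev/urandom.
gen_admin_path() {
    od -An -N8 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the frontName currently configured under the Magento root in $1,
# with or without the CDATA wrapper.
current_front_name() {
    sed -n 's|.*<frontName>\(.*\)</frontName>.*|\1|p' "$1/app/etc/local.xml" |
        sed 's|^<!\[CDATA\[||; s|]]>$||'
}

# set_admin_path MAGE_ROOT NEW_PATH: rewrite frontName, then clear the caches.
set_admin_path() {
    root=$1 new=$2 cfg="$1/app/etc/local.xml"
    # Accept only a plain URL segment, and never the default "admin".
    case "$new" in
        ''|admin|*[!A-Za-z0-9_-]*)
            echo "refusing admin path '$new'" >&2; return 1 ;;
    esac
    [ "$(grep -c '<frontName>' "$cfg")" -eq 1 ] || {
        echo "expected exactly one <frontName> in $cfg" >&2; return 1; }
    # local.xml also holds the database credentials: keep the backup's
    # permissions (cp -p) and delete it once the new path works.
    cp -p "$cfg" "$cfg.bak" || return 1
    sed 's|<frontName>.*</frontName>|<frontName><![CDATA['"$new"']]></frontName>|' \
        "$cfg.bak" > "$cfg" || return 1
    # Empty var/cache and var/session but keep the directories themselves.
    for d in "$root/var/cache" "$root/var/session"; do
        if [ -d "$d" ]; then find "$d" -mindepth 1 -delete; fi
    done
    # Succeed only if the file now reports the new path.
    [ "$(current_front_name "$root")" = "$new" ]
}
```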

If something goes wrong you can check the configuration values in the database (the expected content of the value column is noted after each query).

    select * from core_config_data where path='admin/url/custom';
    -- should be: http://www.yourdomain.com/newadminpath
    select * from core_config_data where path='admin/url/use_custom';
    -- should be: 0
    select * from core_config_data where path='web/secure/base_url';
    select * from core_config_data where path='web/unsecure/base_url';
    -- should be: http://www.yourdomain.com

Comments

  1. You say the result of “select * from core_config_data where path=’admin/url/use_custom’;” should be 0, but what should be 0? Should it return no results or must value be 0?

    In my case scope_id = 0, but value = 1.
