In your production environment you want your Magento application to be as secure as possible (especially if you are saving sensitive customer information such as credit card numbers). To make it harder for people to break into your administration panel you should change the default admin path from www.yoursite.com/admin to something less conspicuous – preferably a random string that would not be susceptible to dictionary attacks.
- Stop the web server.
- Change the admin token in app/etc/local.xml.
<admin> <routers> <adminhtml> <args> <frontName><![CDATA[newadminpath]]></frontName> </args> </adminhtml> </routers> </admin>
- Clear the cache by deleting the contents of var/cache and var/session and restart the web server.
select * from core_config_data where path='admin/url/custom';
select * from core_config_data where path='admin/url/use_custom';
should be 0
select * from core_config_data where path='web/secure/base_url' select * from core_config_data where path='web/unsecure/base_url';
should be: http://www.yourdomain.com