In your production environment, you want your Magento application to be as secure as possible (especially if you are saving sensitive customer information such as credit card numbers). To make it harder for people to break into your administration panel, you should change the default admin path from www.yoursite.com/admin to something less conspicuous – preferably a random string that would not be susceptible to dictionary attacks.

  1. Stop the web server.
  2. Change the admin token in app/etc/local.xml.
    <admin>
        <routers>
            <adminhtml>
                <args>
                    <frontName><![CDATA[newadminpath]]></frontName>
                </args>
            </adminhtml>
        </routers>
    </admin>
  3. Clear the cache by deleting the contents of var/cache and var/session and restart the web server.
You should now be able to access your admin panel at www.yourdomain.com/newadminpath. If something goes wrong, you can check the configuration values in the database (the value column of each returned row):

select * from core_config_data where path='admin/url/custom';

should be http://www.yourdomain.com/newadminpath

select * from core_config_data where path='admin/url/use_custom';

should be 0

select * from core_config_data where path='web/secure/base_url';
select * from core_config_data where path='web/unsecure/base_url';

should be: http://www.yourdomain.com
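
To check the result of the steps above, the following added example (not part of the original article or of Magento) reads the frontName out of local.xml content, flags names that are guessable or short, and generates a random replacement. The `<config>` root element, the word list, the 12-character minimum and the a-z/0-9 alphabet are assumptions made for the example.

```python
import secrets
import string
import xml.etree.ElementTree as ET

# Constructed sample: the <admin> section from the article inside a <config>
# root (the root element is an assumption), still carrying the default name.
SAMPLE_LOCAL_XML = """<config>
  <admin><routers><adminhtml><args>
    <frontName><![CDATA[admin]]></frontName>
  </args></adminhtml></routers></admin>
</config>"""

# Small illustrative list of guessable names (assumption, not exhaustive).
GUESSABLE = {"admin", "administrator", "backend", "manage", "panel", "login"}
ALPHABET = string.ascii_lowercase + string.digits

def read_front_name(xml_text):
    """Return the admin frontName found in local.xml content, or None."""
    root = ET.fromstring(xml_text)
    node = root.find(".//routers/adminhtml/args/frontName")
    if node is None or not (node.text or "").strip():
        return None
    return node.text.strip()

def audit_front_name(name, min_length=12):
    """Return a list of findings; an empty list means the name passes."""
    if name is None:
        return ["no frontName set in local.xml"]
    findings = []
    if name.lower() in GUESSABLE:
        findings.append("name is a common, guessable word")
    if len(name) < min_length:
        findings.append(f"name is shorter than {min_length} characters")
    if any(ch not in ALPHABET for ch in name.lower()):
        findings.append("name contains characters outside a-z and 0-9")
    return findings

def generate_front_name(length=16):
    """Build a random lowercase alphanumeric name from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

if __name__ == "__main__":
    current = read_front_name(SAMPLE_LOCAL_XML)
    print("current frontName:", current, "->", audit_front_name(current))
    print("candidate replacement:", generate_front_name())
```

To audit a real installation, pass the contents of app/etc/local.xml to read_front_name instead of the constructed sample.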

This article has 2 comments

  1. Erik

    You say the result of "select * from core_config_data where path='admin/url/use_custom';" should be 0, but what should be 0? Should it return no results or must value be 0?

    In my case scope_id = 0, but value = 1.
