Magento 2 Change Admin URL: How to Set a Custom Admin URL - Mageplaza
Vinh Jacker|03-17-2025
Security is always the first and most critical component in running an online store. We cannot deny the popularity of Magento, one of the most widely used CMS platforms out there.
Meanwhile, cyber-attacks are undoubtedly on the rise. It comes as no surprise that Magento has become a prime target for hackers.
So how do you prevent data breaches?
Magento itself continuously releases security patches, version updates, and practices to help merchants increase their site security. One highly recommended method is to change the Admin URL.
This post covers the advantages of custom Admin URLs as well as 3 steps for changing Admin panel URLs in Magento 2.
What is an Admin URL?
“Admin URL” is the URL that the admin uses to access a Magento store’s backend. When the Magento installation finishes, the system will create an admin URL with a random string.
This link leads to your Magento store’s information hub. Here, you can view, edit and manage everything from order data and customers to extensions and payment settings.
To help you visualize the default URLs, here is what your admin URL looks like in a typical Magento installation:
Default Base URL: http://yourdomain.com/magento/
Default Admin URL and Path: http://yourdomain.com/magento/admin
However, these default URLs (sitename.com/admin) are predictable and easy to guess, which leaves them highly exposed to attackers. Cybercriminals use this weakness to try to gain unauthorized access to your data.
Benefits of changing Magento 2 Admin URL
Customizing the default admin URL in Magento 2 offers several advantages, particularly in terms of security and usability. Here are the key benefits:
Enhanced security: Changing the admin URL reduces the risk of unauthorized access attempts by making it harder for attackers to guess the login path. This is a simple yet effective way to protect your store from brute force attacks and other vulnerabilities.
Prevention of automated attacks: Bots and automated scripts often target the default admin URL (/admin). By changing the URL to a unique path, you make your store less susceptible to these automated hacking attempts.
Improved customer trust: Securing the backend of your store ensures better protection for customer data and transactions. A secure website fosters trust among your customers, encouraging them to shop confidently.
Brand customization: Customizing the admin URL allows you to align it with your brand identity. This can help create a more personalized environment for managing your store.
Easy identification: If you manage multiple Magento stores, having unique admin URLs for each store can help you easily identify and access the correct backend.
Since the admin URL takes you directly to the store’s management system, any failure to prevent hackers from logging in to your admin panel can seriously harm your business.
Still, if you are searching for a Magento 2 exclusive security extension, Mageplaza’s Security is for sure a go-to extension with a comprehensive set of advanced features. Check all logs automatically and get notified of any suspicious activities.
Before you proceed, ensure you meet these prerequisites:
Backup Your Store: Always take a full backup of your Magento store, including the database and files, to avoid data loss during the process.
SSH Access: You need SSH access to your server to execute Magento commands.
Proper Permissions: Ensure that you have the correct file and folder permissions set on your Magento installation.
How to change Magento 2 Admin URL?
Changing the Magento 2 Admin URL is a critical step to enhance the security of your eCommerce store. This guide covers three effective methods to change the Admin URL, ensuring you can choose the one that best suits your technical expertise and requirements.
Method 1: Create a custom Admin URL from the Magento Admin
If you already have access to the Magento Admin Panel, you can change the Admin URL directly through the system settings.
#1. Log in to the Admin panel, choose Stores > Settings > Configuration
#2. Navigate to the Advanced section in the left panel and select Admin
#3. Under the Admin Base URL section, locate the Custom Admin URL field
#4. On the Admin Base URL, do the following steps:
Choose Use Custom Admin URL = Yes. Then enter your Custom Admin URL in the format: http://yourdomain.com/magento/
Set Custom Admin Path = Yes. Fill in the Custom Admin Path that’s appended to the Custom Admin URL. Your custom path will be after the “/” slash in your URL above
#5. Once completed, click on the Save Configuration button to apply all your changes. You can now try to log out of your Magento account and log in again using the new URL.
Method 2: Change the Admin Path from Command Line
Magento provides a built-in command to update the Admin URL directly from the command line.
To change the admin URL through the command line, you will need to:
Log in to the Magento server with your SSH credentials or FTP client
Open the app/etc/env.php file in a text editor
Now, look for the line that contains ‘frontName’. The value of this parameter is shown on the right side, which is ‘admin’
Replace the value within the quotes, from ‘admin’ to your new admin path, for instance, ‘admin’ > ‘backend’
Note: You can only use lowercase characters for the value in the quotes, and don’t forget to save the changes once you’re done.
Finally, to complete the change, use one of the following methods to clear the Magento cache:
Back in the Admin sidebar, navigate to System > Tools > Cache Management > Click Flush Magento Cache
Return to the server and run this command: php bin/magento cache:flush
Method 3: Create a custom Admin Path via env.php File
The env.php file in Magento contains configuration settings, including the Admin URL. Here’s how to update it:
Access the env.php File
Connect to your server using SSH or a file manager in your hosting control panel.
Navigate to the app/etc/ directory in your Magento root folder.
Edit the File
Open the env.php file in a text editor.
Locate the following configuration:
'backend' => [
    'frontName' => 'admin'
],
Replace ‘admin’ with your desired custom path, for example ‘mysecureadmin123’, the value used in the test URL below.
Run the following command to flush the Magento cache: php bin/magento cache:flush
Test the New URL
Visit the new Admin URL in your browser: http://yourdomain.com/mysecureadmin123
How to restore the default Admin URL and Admin Path
Magento allows its users to restore the default Admin URL as well as Admin path using the command line. All you need to do is to use these revert commands below:
For the default Admin URL: php bin/magento config:set admin/url/use_custom 0
For the default Admin Path: php bin/magento config:set admin/url/use_custom_path 0
Finally, don’t forget to clear the Magento cache. Install our Magento 2 Quick Flush Cache to make the process of clearing cache automatic and easier.
Best Practices for Choosing an Admin URL
Avoid Common Words: Use a unique name that is hard to guess. Avoid using “admin” or “backend.”
Use Alphanumeric Characters: Include a mix of letters and numbers for added security.
Limit Access: Restrict access to the Admin URL by IP address if possible, using your server’s firewall or Magento’s IP restriction settings.
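The script below is an added example, not code from this article or from Magento: it generates a random admin path that follows the best practices above and applies it with the setup:config:set command named in the FAQ below. The function names, the 12-character minimum, the word list and the backup location under $HOME are assumptions, and the check rejects common words even as substrings, which is stricter than the article's advice.

```bash
#!/usr/bin/env bash
# Added example (not Mageplaza's code): pick and apply a hard-to-guess admin path.
LC_ALL=C; export LC_ALL   # make [a-z] mean ASCII lowercase only

# Accept only lowercase letters and digits, at least one of each, and no
# guessable words. The 12-character floor and the word list are assumptions,
# and the substring check is stricter than the article's advice.
validate_admin_path() {
    local path="$1"
    case "$path" in ''|*[!a-z0-9]*) return 1 ;; esac   # empty, uppercase, symbols
    [ "${#path}" -ge 12 ] || return 1
    case "$path" in *[a-z]*) ;; *) return 1 ;; esac     # needs a letter
    case "$path" in *[0-9]*) ;; *) return 1 ;; esac     # needs a digit
    case "$path" in *admin*|*backend*|*login*|*manage*|*panel*) return 1 ;; esac
    return 0
}

# Print a random 16-character path drawn from /dev/urandom.
generate_admin_path() {
    local candidate
    while :; do
        candidate="$(head -c 512 /dev/urandom | tr -dc 'a-z0-9' | cut -c1-16)"
        if validate_admin_path "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
}

# Set the path with the Magento CLI, flush the cache, and print the result.
apply_admin_path() {
    local root="$1" path="$2" backup
    validate_admin_path "$path" || { echo "refusing weak path: $path" >&2; return 1; }
    [ -f "$root/bin/magento" ] || { echo "no bin/magento under $root" >&2; return 1; }
    # env.php holds database credentials and the crypt key, so the backup
    # goes outside the web root (assumed: $HOME) with owner-only permissions.
    backup="$HOME/env.php.$(date +%Y%m%d%H%M%S).bak"
    ( umask 077 && cp "$root/app/etc/env.php" "$backup" ) || return 1
    ( cd "$root" &&
      php bin/magento setup:config:set --backend-frontname="$path" &&
      php bin/magento cache:flush &&
      php bin/magento info:adminuri )   # shows the admin URI now in effect
}

# Runs only when a Magento root is passed, e.g. ./set-admin-path.sh /var/www/magento
if [ -n "${1:-}" ]; then
    apply_admin_path "$1" "$(generate_admin_path)"
fi
```

setup:config:set may ask you to confirm overwriting the existing backend frontName value. Record the generated path somewhere safe before logging out of the old URL.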
FAQs
1. Why should I change the default Magento 2 Admin URL?
Changing the default Admin URL enhances security by making it harder for attackers to locate and target the admin login page. This simple measure reduces the risk of brute force attacks and unauthorized access attempts.
2. What is the default Admin URL in Magento 2?
The default Admin URL is typically /admin. However, this is predictable and should be changed to a unique path for better security.
3. Can I change the Admin URL without accessing the env.php file?
Yes, you can change the Admin URL via the Magento command line using the setup:config:set command. This method is straightforward and does not require editing configuration files directly.
4. What happens if I forget my new Admin URL?
If you forget the new Admin URL, you can retrieve it by accessing the env.php file in the app/etc/ directory or by using SSH to check the configuration settings.
5. Will changing the Admin URL affect my website’s frontend?
No, changing the Admin URL only affects the backend login page. The frontend of your website remains unaffected.
6. Can I revert to the default Admin URL if needed?
Yes, you can revert to the default Admin URL by updating the env.php file or using the Magento command line.
7. Do I need to flush the cache after changing the Admin URL?
Yes, flushing the Magento cache is essential to apply the changes. Use the following command: php bin/magento cache:flush
8. Is changing the Admin URL enough to secure my Magento store?
While changing the Admin URL improves security, it should be combined with other measures like enabling two-factor authentication (2FA), using strong passwords, and restricting access by IP address for maximum protection.
The bottom line!
Changing the Admin URL in Magento 2 is a simple yet effective way to enhance your store’s security. By following the steps outlined in this guide, you can easily customize your Admin URL and protect your store from potential threats. Remember to always back up your store before making changes and test thoroughly after implementing them.
For ongoing security, combine this with other practices like enabling two-factor authentication (2FA) and using strong admin passwords. By securing your Magento store, you ensure a safe shopping experience for your customers and peace of mind for your business operations.
Jacker is the Chief Technology Officer (CTO) at Mageplaza, bringing over 10 years of experience in Magento, Shopify, and other eCommerce platforms. With deep technical expertise, he has led numerous successful projects, optimizing and scaling online stores for global brands. Beyond his work in eCommerce development, he is passionate about running and swimming.