Security is always the first and foremost critical component in running an online store. We can not deny the popularity of Magento - One of the most widely used CMS platforms out there.
Meanwhile, cyber-attacks are undoubtedly on the rise. It comes as no surprise that Magento has become the prime target of hackers for illegal purposes.
So how to prevent data breaches?
The Magento technical itself continuously releases security patches, version updates, and practices to help merchants increase their site security. One highly recommended method is to change Admin URL.
Thus, this post will mention the advantages of custom Admin URLs as well as 3 steps for effortlessly changing Admin panel URLs in Magento 2.
“Admin URL” is the URL that the admin uses to access a Magento store’s backend. When the Magento installation finishes, the system will create an admin URL with a random string.
This link will lead you to your Magento store’s information hub. Here, you can view, edit and manage everything from order data, customers to extensions and payment settings.
To help you better visualize the default URLs, below is how your admin URL looks like in a typical Magento installation:
Default Base URL: http://yourdomain.com/magento/
Default Admin URL and Path: http://yourdomain.com/magento/admin
However, these default URLs (sitename.com/admin) are incredibly vulnerable to hackers. In other words, they’re easy to crack and predictable as well. This point becomes a huge vulnerability that cybercriminals use to get unauthorized access to your data source.
Customizing the default admin URL in Magento 2 offers several advantages, particularly in terms of security and usability. Here are the key benefits:
Since the admin URL takes you directly to the store’s management system, any failure to prevent hackers from logging in to your admin panel can seriously harm your business.
Still, if you are searching for a Magento 2 exclusive security extension, Mageplaza’s Security is for sure a go-to extension with a comprehensive set of advanced features. Check all logs automatically and get notified of any suspicious activities.
Read more:
”
Before you proceed, ensure you meet these prerequisites:
Changing the Magento 2 Admin URL is a critical step to enhance the security of your eCommerce store. This guide covers three effective methods to change the Admin URL, ensuring you can choose the one that best suits your technical expertise and requirements.
If you already have access to the Magento Admin Panel, you can change the Admin URL directly through the system settings.
#1. Log in to the Admin panel, choose Stores > Settings > Configuration
#2. Navigate to the Advanced section in the left panel and select Admin
#3. Under the Admin Base URL section, locate the Custom Admin URL field
#4. On the Admin Base URL, do the following steps:
Choose Use Custom Admin URL = Yes. Then enter your Custom Admin URL in the format: http://yourdomain.com/magento/
Set Custom Admin Path = Yes. Fill in the Custom Admin Path that’s appended to the Custom Admin URL. Your custom path will be after the “/” slash in your URL above
#5. Once completed, click on the Save Configuration button to apply all your changes. You can now try to log out of your Magento account and log in again using the new URL.
Magento provides a built-in command to update the Admin URL directly from the command line.
To change the admin URL through the command line, you will need to:
Log in to the Magento server with your SSH credentials or FTP client
Go to the app/etc/env/php file in a text editor
Now, look for the code that says ‘frontName.’ You can see the value of its parameter on the right side - which is ‘admin’
Replace the value within the quotes, from ‘admin’ to your new admin URL, for instance, ‘admin’ > ‘backend’
Note: You can only use the lowercase characters for value in the quotes and don’t forget to save the changes once you’re done.
This is how your old and new admin paths look like.
Finally, to complete the changing process, use one of the following methods to clear the Magento cache:
Back to the Admin sider, navigate to System > Tools > Cache Management > Click Flush Magento Cache
Return to the server and run this command: php bin/Magento cache:flush
The env.php file in Magento contains configuration settings, including the Admin URL. Here’s how to update it:
Connect to your server using SSH or a file manager in your hosting control panel.
Navigate to the app/etc/ directory in your Magento root folder.
Open the env.php file in a text editor.
Locate the following configuration:
'backend' => [
'frontName' => 'admin'
],
Replace ‘admin’ with your desired custom URL, for example:
'backend' => [
'frontName' => 'mysecureadmin123'
],
Save the file and close the editor.
Run the following command to flush the Magento cache: php bin/magento cache:flush
Visit the new Admin URL in your browser: http://yourdomain.com/mysecureadmin123
Magento allows its users to restore the default Admin URL as well as Admin path using the command line. All you need to do is to use these revert commands below:
For the default Admin URL: php bin/Magento config:set admin/url/use_custom 0
For the default Admin Path: php bin/Magento config:set admin/url/use_custom_path 0
Finally, don’t forget to clear the Magento cache. Install our Magento 2 Quick Flush Cache to make the process of clearing cache automatic and easier.
Avoid Common Words: Use a unique name that is hard to guess. Avoid using “admin” or “backend.”
Use Alphanumeric Characters: Include a mix of letters and numbers for added security.
Limit Access: Restrict access to the Admin URL by IP address if possible, using your server’s firewall or Magento’s IP restriction settings.
1. Why should I change the default Magento 2 Admin URL?
Changing the default Admin URL enhances security by making it harder for attackers to locate and target the admin login page. This simple measure reduces the risk of brute force attacks and unauthorized access attempts.
2. What is the default Admin URL in Magento 2?
The default Admin URL is typically /admin. However, this is predictable and should be changed to a unique path for better security.
3. Can I change the Admin URL without accessing the env.php file?
Yes, you can change the Admin URL via the Magento command line using the setup:config:set command. This method is straightforward and does not require editing configuration files directly.
4. What happens if I forget my new Admin URL?
If you forget the new Admin URL, you can retrieve it by accessing the env.php file in the app/etc/ directory or by using SSH to check the configuration settings.
5. Will changing the Admin URL affect my website’s frontend?
No, changing the Admin URL only affects the backend login page. The frontend of your website remains unaffected.
6. Can I revert to the default Admin URL if needed?
Yes, you can revert to the default Admin URL by updating the env.php file or using the Magento command line.
7. Do I need to flush the cache after changing the Admin URL?
Yes, flushing the Magento cache is essential to apply the changes. Use the following command: php bin/magento cache:flush
8. Is changing the Admin URL enough to secure my Magento store?
While changing the Admin URL improves security, it should be combined with other measures like enabling two-factor authentication (2FA), using strong passwords, and restricting access by IP address for maximum protection.
Changing the Admin URL in Magento 2 is a simple yet effective way to enhance your store’s security. By following the steps outlined in this guide, you can easily customize your Admin URL and protect your store from potential threats. Remember to always back up your store before making changes and test thoroughly after implementing them.
For ongoing security, combine this with other practices like enabling two-factor authentication (2FA) and using strong admin passwords. By securing your Magento store, you ensure a safe shopping experience for your customers and peace of mind for your business operations.
Jacker is the Chief Technology Officer (CTO) at Mageplaza, bringing over 10 years of experience in Magento, Shopify, and other eCommerce platforms. With deep technical expertise, he has led numerous successful projects, optimizing and scaling online stores for global brands. Beyond his work in eCommerce development, he is passionate about running and swimming.
Related Post
