There is an easy way to change the default admin URL in Magento, which will prevent access to the default login screen. This is by no means the final word in securing your Magento installation but it certainly raises the bar to anyone wanting to gain access to your back-end.
Do not use the Admin backend to change it.
- Flush Magento Cache
- Flush Cache Storage
(You can also delete all files in var/cache/ manually if you prefer.
3) Using and FTP client, open the local.xml configuration file located in app/etc/ directory in the root of your Magento installation.
Scroll to the bottom of the file and find the section <admin> <routers>. Inside this section, you will see the default AdminHTML name. It will be labelled like this:
Change the word ‘admin’ using letters or numbers only to something that you will remember. It does not have to be complex; use a word you will remember.
NB: If you get a 404 error when you try to browse to the new Admin login URL:
- try to clear your browser cookies for the site. Also, try to login from another browser that you have not previously used to access the backend.
- if this does not work use your FTP client to delete all files in your /var/cahche folder and then try again
Browsing to your original admin URL should produce a page not found error, which is exactly our intention.
HJR April 2016