Skip to main content

Securing the Magento Admin by changing the path - Knowledgebase / Magento - Foregenix Customer Support

Securing the Magento Admin by changing the path

Authors list

Often we see that our customer Magento installations still have their admin area set to the default backend URL /admin/ (, the URL is open to everyone, those of which include bots and attackers who will often try to force their way in via a method known as brute-forcing. Recent Shoplift vulnerability (known by its SUPEE-5344 patch widely announced to public) indicated that the Magento Backend should not be accessible / known for anyone except store staff.


Changing the default /admin/ path is as easy as changing a string within an XML files. To change the default Magento admin path:

  • Make your way to app/etc/ from within your Magento root directory
  • Open the local.xml file
  • Search for the following section of code:


  • Simply change the “admin” string to any random string that you want to use in order to access the backend of your Magento. (ensure that you do not use the term admin)


  • Flush the Magento cache
  • Go to your new backend URL in order to access the admin area, i.e our one would be