Magento is a secure platform, but it has security concerns that web admins have to look for.
Being one of the most popular eCommerce platforms, it attracts a lot of hacking attacks every year. So if you are on Magento, you should tighten the security wherever possible.
One minor way to protect the site from a hacking attack is to change Magento login URL.
This article will show you how to change Magento 2 Admin URL.
Why Change the Magento Admin URL?
The default Magento admin URLs are:
So, anyone can guess your store’s login URL if you are not changing it to something else.
But, then, what harm anyone can do to the store if they know your login URL. They have to know the correct username-password combination to log in to the store.
Well, the hackers can run a Brute Force attack to guess the password of the Magento store.
They can find usernames with social engineering, and as usernames are typically public key, they can be guessed.
Most people keep their name or ‘admin’ as their username. However, a strong password would be tough to crack.
In Brute Force Attack, the hackers use random strings to log in until the right one works. It’s a lot of work, but it works.
Limit login restricts the multiple wrong attempts to login by blocking the IP address. If limit login is enabled on the Magento store, your store admin URL will block the user’s IP.
Without a login limit function, the bots will keep logging in until they find the correct username-password combination.
The stronger the password is, the more challenging it will be to guess it correctly.
An 8 character password has more combinations than a 6 character password. In addition, if you use multiple characters (numerals, alphabets, and special characters), the password will become more complex.
Changing the Login URL
When the hacker does not know the Login URL, they cannot even execute the brute force attack as they don’t have the page to run it.
Changing Magento Admin URL is a tiny tweak in Magento security; however, the impact is considerable.
#1 Change Magento 2 Admin URL from the Backend
Go to your Magento 2 admin panel.
Navigate to the Stores > Settings > Configuration
Step 1: Look at the left Menu, see the Advance section and Click on the Admin.
Left Menu > Advance Section > Admin
Step 2: Click on the Expand the Admin Base URL section to expand it.
Step 3: Set Use Custom Admin URL to “Yes”. Enter the Custom Admin URL in the following format: http://yourdomain.com/magento
Step 4: Set Custom Admin Path to “Yes”. Then, enter the Custom Admin Path. The path you enter is appended to the Custom Admin URL after the last forward slash.
Click the Save Config button.
#2 Change the Admin Path in Config.Php
You can change the magento admin URL by editing the config.php file.
- Log in to your store server via SSH or SFTP client.
- Navigate to the app/etc folder
- Open env.php file on a text editor
- Do a ‘Ctrl+F’ to search the code – ‘frontName’
- Change the code in quotes written in right of the ‘frontName’
- Add ‘admin123’ or whatever you like to be the new admin URL
- Flush cache.
<?php return array ( ‘backend’ => array ( ‘frontName’ => ‘admin’, )
#3 Change frontname via Server Command Line
Follow these steps to change the Magento 2 Admin URL via the command line.
- Log in to your Magento hosting server via SSH
- Navigate to the root directory of your store.
- Run this command:
php bin/magento setup:config:set –backend-frontname=“newadminurl”
- Replace newadminurl with the admin URL want to assign
- Check or view your new admin URL via command line: magento info:adminurl
#4 Change Magento Admin URL within Breeze
If your store is on Breeze, you get an option to pick the Magento admin URL when building the store. If you don’t change it while making the store, you can quickly change it from the dashboard.
Follow the step to change the admin URL of the Magento store in Breeze:
- Login to Breeze platform
- Select the Company you have that Store
- Open the Store
- Go to the Access from the Navigation on the Left side
- Find the URL under the Magento Admin section.
- Click on the pencil icon to change it.
- Click on Save to change to Magento Admin URL.
Changing the admin URL is a small way to protect your Magento store. However, having a default admin URL is not something security experts recommend.
If you do not know what you are doing, playing with SSH and config.php files is not wise. You can change the admin URL from the Magento backend.
The easiest method is Breeze. Check out how Breeze can make your Magento hosting easier and save your team hours. Book a Demo Today.