Magento 2 Change Admin URL: How to Set a Custom Admin URL

Security is always the first and foremost critical component in running an online store. We can not deny the popularity of Magento - One of the most widely used CMS platforms out there.

Meanwhile, cyber-attacks are undoubtedly on the rise. It comes as no surprise that Magento has become the prime target of hackers for illegal purposes.

So how to prevent data breaches?

The Magento technical itself continuously releases security patches, version updates, and practices to help merchants increase their site security. One highly recommended method is to change Admin URL.

Thus, this post will mention the advantages of custom Admin URLs as well as 3 steps for effortlessly changing Admin panel URLs in Magento 2.

What is an Admin URL?

“Admin URL” is the URL that the admin uses to access a Magento store’s backend. When the Magento installation finishes, the system will create an admin URL with a random string.

This link will lead you to your Magento store’s information hub. Here, you can view, edit and manage everything from order data, customers to extensions and payment settings.

To help you better visualize the default URLs, below is how your admin URL looks like in a typical Magento installation:

• Default Base URL: http://yourdomain.com/magento/

• Default Admin URL and Path: http://yourdomain.com/magento/admin

However, these default URLs (sitename.com/admin) are incredibly vulnerable to hackers. In other words, they’re easy to crack and predictable as well. This point becomes a huge vulnerability that cybercriminals use to get unauthorized access to your data source.

Benefits of changing Magento 2 Admin URL

Customizing the default admin URL in Magento 2 offers several advantages, particularly in terms of security and usability. Here are the key benefits:

• Enhanced security: Changing the admin URL reduces the risk of unauthorized access attempts by making it harder for attackers to guess the login path. This is a simple yet effective way to protect your store from brute force attacks and other vulnerabilities.
• Prevention of automated attacks: Bots and automated scripts often target the default admin URL (/admin). By changing the URL to a unique path, you make your store less susceptible to these automated hacking attempts.
• Improved customer trust: Securing the backend of your store ensures better protection for customer data and transactions. A secure website fosters trust among your customers, encouraging them to shop confidently.
• Brand customization: Customizing the admin URL allows you to align it with your brand identity. This can help create a more personalized environment for managing your store.
• Easy identification: If you manage multiple Magento stores, having unique admin URLs for each store can help you easily identify and access the correct backend.

Since the admin URL takes you directly to the store’s management system, any failure to prevent hackers from logging in to your admin panel can seriously harm your business.

Still, if you are searching for a Magento 2 exclusive security extension, Mageplaza’s Security is for sure a go-to extension with a comprehensive set of advanced features. Check all logs automatically and get notified of any suspicious activities.

Read more:

• How to do a Magento Security Audit on your website?

• How to secure Magento 2 online stores

”

Security for Magento 2

Protect your store from cyber threats with Mageplaza's top-notch security

(28 reviews)

Check it out!

Prerequisites Before Changing Magento 2 Admin URL

Before you proceed, ensure you meet these prerequisites:

• Backup Your Store: Always take a full backup of your Magento store, including the database and files, to avoid data loss during the process.
• SSH Access: You need SSH access to your server to execute Magento commands.
• Proper Permissions: Ensure that you have the correct file and folder permissions set on your Magento installation.

How to change Magento 2 Admin URL?

Changing the Magento 2 Admin URL is a critical step to enhance the security of your eCommerce store. This guide covers three effective methods to change the Admin URL, ensuring you can choose the one that best suits your technical expertise and requirements.

Method 1: Create a custom Admin URL from the Magento Admin

If you already have access to the Magento Admin Panel, you can change the Admin URL directly through the system settings.

#1. Log in to the Admin panel, choose Stores > Settings > Configuration

#2. Navigate to the Advanced section in the left panel and select Admin

#3. Under the Admin Base URL section, locate the Custom Admin URL field

#4. On the Admin Base URL, do the following steps:

• Choose Use Custom Admin URL = Yes. Then enter your Custom Admin URL in the format: http://yourdomain.com/magento/

• Set Custom Admin Path = Yes. Fill in the Custom Admin Path that’s appended to the Custom Admin URL. Your custom path will be after the “/” slash in your URL above

#5. Once completed, click on the Save Configuration button to apply all your changes. You can now try to log out of your Magento account and log in again using the new URL.

Method 2: Change the Admin Path from Command Line

Magento provides a built-in command to update the Admin URL directly from the command line.

To change the admin URL through the command line, you will need to:

• Log in to the Magento server with your SSH credentials or FTP client

• Go to the app/etc/env/php file in a text editor

• Now, look for the code that says ‘frontName.’ You can see the value of its parameter on the right side - which is ‘admin’

• Replace the value within the quotes, from ‘admin’ to your new admin URL, for instance, ‘admin’ > ‘backend’

Note: You can only use the lowercase characters for value in the quotes and don’t forget to save the changes once you’re done.

This is how your old and new admin paths look like.

Finally, to complete the changing process, use one of the following methods to clear the Magento cache:

• Back to the Admin sider, navigate to System > Tools > Cache Management > Click Flush Magento Cache

• Return to the server and run this command: php bin/Magento cache:flush

Method 3: Create a custom Admin Path via env.php File

The env.php file in Magento contains configuration settings, including the Admin URL. Here’s how to update it:

1. Access the env.php File

• Connect to your server using SSH or a file manager in your hosting control panel.

• Navigate to the app/etc/ directory in your Magento root folder.

1. Edit the File

• Open the env.php file in a text editor.

• Locate the following configuration:

'backend' => [
    'frontName' => 'admin'
],

Replace ‘admin’ with your desired custom URL, for example:

'backend' => [
    'frontName' => 'mysecureadmin123'
],

1. Save the Changes

Save the file and close the editor.

1. Flush the Cache

Run the following command to flush the Magento cache: php bin/magento cache:flush

1. Test the New URL

Visit the new Admin URL in your browser: http://yourdomain.com/mysecureadmin123

How to restore the default Admin URL and Admin Path

Magento allows its users to restore the default Admin URL as well as Admin path using the command line. All you need to do is to use these revert commands below:

• For the default Admin URL: php bin/Magento config:set admin/url/use_custom 0

• For the default Admin Path: php bin/Magento config:set admin/url/use_custom_path 0

Finally, don’t forget to clear the Magento cache. Install our Magento 2 Quick Flush Cache to make the process of clearing cache automatic and easier.

Best Practices for Choosing an Admin URL

• Avoid Common Words: Use a unique name that is hard to guess. Avoid using “admin” or “backend.”

• Use Alphanumeric Characters: Include a mix of letters and numbers for added security.

• Limit Access: Restrict access to the Admin URL by IP address if possible, using your server’s firewall or Magento’s IP restriction settings.

FAQs

1. Why should I change the default Magento 2 Admin URL?

Changing the default Admin URL enhances security by making it harder for attackers to locate and target the admin login page. This simple measure reduces the risk of brute force attacks and unauthorized access attempts.

2. What is the default Admin URL in Magento 2?

The default Admin URL is typically /admin. However, this is predictable and should be changed to a unique path for better security.

3. Can I change the Admin URL without accessing the env.php file?

Yes, you can change the Admin URL via the Magento command line using the setup:config:set command. This method is straightforward and does not require editing configuration files directly.

4. What happens if I forget my new Admin URL?

If you forget the new Admin URL, you can retrieve it by accessing the env.php file in the app/etc/ directory or by using SSH to check the configuration settings.

5. Will changing the Admin URL affect my website’s frontend?

No, changing the Admin URL only affects the backend login page. The frontend of your website remains unaffected.

6. Can I revert to the default Admin URL if needed?

Yes, you can revert to the default Admin URL by updating the env.php file or using the Magento command line.

7. Do I need to flush the cache after changing the Admin URL?

Yes, flushing the Magento cache is essential to apply the changes. Use the following command: php bin/magento cache:flush

8. Is changing the Admin URL enough to secure my Magento store?

While changing the Admin URL improves security, it should be combined with other measures like enabling two-factor authentication (2FA), using strong passwords, and restricting access by IP address for maximum protection.

The bottom line!

Changing the Admin URL in Magento 2 is a simple yet effective way to enhance your store’s security. By following the steps outlined in this guide, you can easily customize your Admin URL and protect your store from potential threats. Remember to always back up your store before making changes and test thoroughly after implementing them.

For ongoing security, combine this with other practices like enabling two-factor authentication (2FA) and using strong admin passwords. By securing your Magento store, you ensure a safe shopping experience for your customers and peace of mind for your business operations.