Magento Open Source, 1.9.x

Magento 1.x Security Patch Notice
For Magento Open Source 1.5 to 1.9, Magento is providing software security patches through June 2020 to ensure those sites remain secure and compliant. Visit our information page for more details about our software maintenance policy and other considerations for your business.

Using a Custom Admin URL

As a security best practice, Magento recommends that you use a unique, custom Admin URL  instead of the default “admin” or the often-used “backend,” Although it will not directly protect your site from a determined attacker, it can reduce exposure to scripts that try to break in to Magento sites.

Check with your hosting provider before implementing a custom Admin URL. Some hosting providers require a standard URL to meet firewall protection rules.

In a typical Magento installation, the Admin URL and path is immediately below the Magento base URL. The path to the store Admin is one directory below the root.

  • Default Base URL
    http://yourdomain.com/magento/
  • Default Admin URL and Path
    http://yourdomain.com/magento/admin

Although it is possible to change the Admin URL and path to another location, any mistake removes access to the Admin, and must be corrected from the server.

As a precaution, do not try to change the Admin URL by yourself unless you know how to edit configuration files on the server.