Renaming Your Admin Folder
While access to your admin area is protected by the requirement of your admin password, it is recommended for additional security that you rename your admin directory after installation. This way, it will be significantly harder for hackers to find your admin area or attempt any attack on it.
Before making the following changes, make sure to have a current backup of your files and your database.
Zen Cart v1.5.x / v2.x.x and Higher:
A - configure.php
There is no need to alter the admin side configure.php
file in v1.5.x and above when renaming your admin folder. Simply proceed to step B.
B - Rename the Admin folder
Using your FTP tool or your webhost’s “File Manager”, find your Zen Cart admin
directory. Rename the directory using a random combination of letters and numbers.
NOTE: DO NOT advertise this new foldername, else you defeat the entire purpose of renaming it. And DO NOT EVER put it in your robots.txt file!
C - Login to your admin using the new URL
To login to your admin, you will now have to visit a new URL that matches the new name used in steps A and B above.
For example instead of visiting
www.example.com/admin/
visit
www.example.com/NeW-NamE4u
Other Notes:
- Be sure to update your bookmarks, favorites, etc. since the URL of your admin has changed.
- If you are using CEON URLs, modify your
.htaccess
file to indicate that your new admin name should not be rewritten. Using the example above (NeW-NamE4u
):
# Don't rewrite admin directory
RewriteCond %{REQUEST_URI} !^/NeW-NamE4u [NC]
Zen Cart v1.3.x:
A - (This step for Zen Cart v1.3.x ONLY: )
Edit /admin/includes/configure.php
IMPORTANT NOTE: If you’re using Zen Cart v1.5.0 or newer, you can skip this step, and proceed to step B to rename the folder using your FTP program. With v1.5.0 there’s no need to edit your configure.php file when renaming your admin folder.
Using your FTP program, download a copy of your /admin/includes/configure.php file to your computer.
Using a plain text editor change all instances of admin to your chosen new admin folder-name.
For maximum security, you may want to consider that new folder name should include numbers and a combination of upper and lower case letters. The longer you make this folder’s name the more secure it will be.
When editing, make sure you leave all the /
(slashes) alone.
DO NOT USE SEARCH-AND-REPLACE TO DO THESE EDITS!!!!!!!!!!!
Change ONLY THE WORD admin, in 3 places, AS SHOWN HERE:
Change this section:
define('DIR_WS_ADMIN', '/admin/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_ADMIN', '/admin/');
define('DIR_WS_HTTPS_CATALOG', '/');
And this section:
define('DIR_FS_ADMIN', '/home/mystore.com/www/public/admin/');
define('DIR_FS_CATALOG', '/home/mystore.com/www/public/');
You will end up with something that looks like this:
define('DIR_WS_ADMIN', '/mysecretadminarea');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_ADMIN', '/mysecretadminarea');
define('DIR_WS_HTTPS_CATALOG', '/');
And:
define('DIR_FS_ADMIN', '/home/mystore.com/www/public/mysecretadminarea');
define('DIR_FS_CATALOG', '/home/mystore.com/www/public/');
Now, you must upload the changes back to the server, using your FTP program.
IMPORTANT NOTE: Your configure.php file should be set as Read-Only for normal use. So, you’ll need to make it Writable before you’ll be able to upload/save your changes to the file. (In some cases, your server might require you to DELETE the file from your server before you can upload the edited version to replace it.)
Be sure to make it Read-Only again when finished. Often you can right-click the file in your FTP program and change the permissions settings there. There’s another FAQ article on how to change file permissions on different hosting servers.
B - Rename the Admin folder
Using your FTP software or your webhost’s File Manager, find your Zen Cart admin/ directory. Rename the directory to match the settings you just made in step A.
NOTE: DO NOT advertise this new foldername, else you defeat the entire purpose of renaming it. And DO NOT EVER put it in your robots.txt file!
C - Login to your admin using the new URL
To login to your admin system you will now have to visit a new URL that matches the new name used in steps A and B above.
For example instead of visiting www.example.com/admin/
visit www.example.com/NeW-NamE4u/
.
Use of SSL is highly recommended to protect your and your customers information. Learn how to enable SSL on your site.
D - What if it doesn’t work?
If it doesn’t work, then you’ve missed one or more of the steps. THE MOST COMMON MISTAKE is ignoring the read-only vs writable alert in BRIGHT RED TEXT in step A.
The second most common mistake is changing the WRONG THINGS! In step A, change ONLY the word “/admin/” in the 3 places shown.