Why would I want to change my Magento 2 admin URL?
The admin URL is the URL you use in your web browser to access the backend or admin panel of your Magento store. This is the information hub for your Magento store – where you can view, edit and manage everything from order data, customers, to settings for your checkout, and extensions.
Typically, the default admin URL for a Magento 2 site is something like “mysite.com/admin”.
Changing your Magento admin URL from the default “/admin”, to something more unique can help protect your site from brute force attacks. A brute force attack is where automated software hits your site to try out username and password combinations very quickly to try to gain access.
Changing your admin URL is one small step in the bigger picture of security. Changing your default Magento admin URL is a relatively easy thing you can do to increase the security of your Magento site and make it a little bit more difficult for bots or hackers to find your admin URL to attack it.
In this blog I will show you the various methods to change the admin URL:
- Admin panel
- Command Line
- Editing the env.php file manually via sftp/ssh
Before Making Changes…
Be sure to have a Magento developer on standby, if you change your default admin URL and then can’t access your admin panel, you may need a developer to make changes to the database or site files to fix the issue.
To follow sound development practices, and to protect from your live site going down, it is best to make these edits on a development environment first. We would also recommend contacting your hosting provider to make sure they don’t have firewalls that wouldn’t allow the changing of your Magento admin URL.
Method #1: Admin Panel
The easiest method that requires no coding, is to make changes in the Admin panel settings.
- Log into your Magento Admin
- Go to Stores > Configuration
- In the “Advanced” section – click on Admin
- Expand “Admin Base URL”
- Expand the “Admin URL” section by clicking on the arrow with the circle around it
Notes: When entering your new admin URL, be sure to keep the same root as the storefront, adding onto your normal site URL
- Set the “Custom admin URL” to Yes – you may have to uncheck the “use system value” to be able to change this setting
- In “Custom Admin URL” set your URL. Make sure that base URL ends with ‘/’ (slash), e.g. http://yourdomain/magento/
- In “Custom Admin Path” add your new path that will be added after the “/” slash in your URL above.
- Set “Use Custom Admin Path” to Yes
- Be sure to click Save Config to save your changes.
Method #2: Command Line
It is recommended to only use this method if you are very comfortable using a command line interface to navigate and make changes to your Magento site.
- Connect to your server by logging in with your SSH credentials with your SSH client/software. (Like puTTY or Terminal for Apple users). Navigate to the root directory of your store.
- Run this command: php bin/magento setup:config:set –backend-frontname=”newadminurl”
- Within the quotes for backend frontname – type in your desired new URL.
- If you would like to check or view your admin URL via command line: magento info:adminuri
Method #3: Editing the env.php File:
Method #3 requires a little bit of coding and being comfortable with FTP/SSH, but is pretty simple to execute.
- Log into your server via ssh using an ssh or FTP client (software) (example: Filezilla), navigate to the app/etc folder and open env.php file in a text editor.
- Look for the code that says ‘frontName’ and replace the code in the quotes to the right of ‘frontName’ and replace ‘admin’ your new admin URL.
- To see the change, you then will need to clear the Magento cache, one of three ways –
- Flush the cache:
- Either by going into the admin, if you are able to access it, System > Tools > Cache Management > Flush Magento Cache
- Through the server, go to the var/cache folder and delete the contents of the folder
- Through command line:
After completing any of these methods, you can then revisit your Magento 2 admin by typing in your new admin URL and you can log-in as usual.
Changing your default admin URL can help protect your Magento 2 eCommerce store from bots and attackers but is only one small piece of the large security puzzle. To learn more about our security recommendations be sure to check out our guide on Magento 2 best security practices and keep up to date with Magento patches and releases.