Most Content Management Systems (CMS’s) have a unique identifying login url. For example, WordPress uses /wp-admin for your login home page. Because of this, hackers can assume that is your login and the default username is admin. If you don’t change either of these, you risk the potential for hacking exponentially. It is important that you select an administrative username that is unique to you or your business and create a secure password. You can read more about website and password security best practices in our articles, Best Practices: Protecting Your Website from Compromise and Best Practice: Creating a Secure Password.

Beyond the security measures outlined in these articles, you can also change your CMS login url to help hide it from potential malicious activity. This article will provide you with ways to change the login URL for the top CMS’s used today, Joomla!, Drupal, Magento, and WordPress. But before we get started, let’s look at the why.

Why should I change my admin URL?

Protect Your Site Against Brute Force Attacks

Security is the main reason to change the login page – doing so protects against the most common type of website breach, a brute force attack. Because brute force attacks involve “guessing” login credentials, it needs three variables to succeed:

Username – make sure you choose something unique to you or your business, don’t leave it as the default “admin.”
Password – go for a complex password, the more generic it is, the easier it will be to guess.
Your login URL – the admin page of your dashboard

When you use default URLs, you leave yourself more vulnerable; the hacker will only need your username and password to access a site. Changing the login URL makes hacker’s work much harder.

Note:

It is also important to note, that even if a hacker can’t correctly obtain your login credentials, the attempts use a lot of bandwidth and can slow down or crash your site during the attack. Moving your login page will help combat this problem.

Hides Vulnerabilities

No CMS is perfect, like any software, a CMS is never 100% immune from bugs and vulnerabilities. The size of the communities using the most popular CMS’s means there are a lot of good people working hard to fix problems, but because of the number of websites running a CMS, any security vulnerability gets a lot of press. When news of a known vulnerability breaks, malicious hackers instantly know where your defenses are weak.

By changing the login URL, you can protect yourself against a tell-tale sign that your site is using a CMS, distancing yourself from any known problems. This won’t keep you 100% safe, but it’s a good place to start.

Changing Your Admin URL

Depending on the CMS you use, the process for changing the admin URL will be different. Use the links below to be directed to the CMS you use:

WordPress
Joomla!
Drupal
Magento

WordPress

Changing the login URL for WordPress is accomplished by downloading a plugin. There are many options for changing or hiding your login URL, but the one I found to work the best is the WPS Hide Login plugin. Installation and activation for this plugin is quick and easy.

Note:

The use of a specific plugin is only a suggestion. Liquid Web is not affiliated and does not support any issues that may arise from using the WPS Hide Login plugin. You can read more about this specific plugin on their home page: https://wordpress.org/plugins/wps-hide-login/.

Log into your WordPress dashboard.
Click on the link for Plugins.
Search for “WPS Hide Login” in the search bar at the top of the page.
Select Install on the plugin when it appears in the list.
Once the plugin is installed, go to your Active Plugins list and select Activate to activate it.
After the plugin is activated, click on Settings to change the admin URL.
Scroll to the bottom of the settings page, and change your admin URL in the section, then click Save Changes to save your new URL. You can choose any word to use, the more unique it is, the more secure it will be!
Now when you login, you will use that URL to be directed to the WordPress dashboard.

Joomla!

In order to change your admin URL with Joomla!, you will need to add an extension to your CMS called JSecure. This extension is a premium (paid) download to add to your Joomla! account, but it offers the protection from attack by changing the admin URL.

Note:

The use of the JSecure extension on Joomla! is only a suggestion. Liquid Web is not affiliated with and does not support any issues that may arise from using the extension. You can read more about this specific extension on their home page: https://extensions.joomla.org/extension/jsecure/.

Once you download the extension, log into your Joomla admin panel.
Upload and install the build matching with your Joomla version.

extension installer

Click the Components link in the menu at the top of the page. Select jSecure Lite from the drop-down menu and go to Basic Configuration to configure the admin URL.
Enable the Pass Key option and set a pass key in the Key section. The key will be your new login URL.

basic configuration home page

Click Save and now, you will use the pass key as the ending to the login URL. It should look something like this: www.yoursite.com/administrator/?key”.

Drupal

Changing your admin URL in Drupal is not as straight forward as other CMS applications. It requires a module to be used to override the admin path. The modules will differ per version of Drupal, they are listed below with the instructions or link to the module file to download.

Note:

The use of a module is only a suggestion. Liquid Web is not affiliated and does not support any issues that may arise from using the module for Drupal. If you are unfamiliar with editing and configuring settings files within your CMS, please consult a developer before implementing the modules listed below.

Drupal 7

Version 7.x-2.x supports Overlay module, but you can get a 404 error when you enable/disable the module with overlay. You can find instructions for installing and using this module here: https://www.drupal.org/docs/7/administering-drupal-7-site/working-with-the-overlay?

Drupal 6

If you are using Drupal 6, you can allow the same feature by editing your settings.php file and adding the following code:

function custom_url_rewrite_outbound(&$path, &$options, $original_path) {
    if (preg_match('|^admin(?![^/])(.*)|', $path, $matches)) {
        $path = 'backend'. $matches[1];
    }
}
 
function custom_url_rewrite_inbound(&$result, $path, $path_language) {
    if (preg_match('|^backend(?![^/])(.*)|', $path, $matches)) {
        $result = 'admin'. $matches[1];
    }
    if (preg_match('|^admin(?![^/])(.*)|', $path, $matches)) {
        $result = '404'. $matches[1];
    }
}

Drupal 7.x-2.3

Drupal 7.x-2.3 uses a downloadable module that can be found here: https://www.drupal.org/project/rename_admin_paths/releases/7.x-2.3.

Drupal 8.x-1.1

Drupal 8.x-1.1 uses a downloadable module, you can find it here: https://www.drupal.org/project/rename_admin_paths/releases/8.x-1.1.

Warning:

Running modules and scripts found on the internet can be dangerous. Make sure to work with a developer when deploying any modules found online to make sure that nothing malicious is contained within. Liquid Web has no affiliation with the creators of these modules and is not responsible for any security issues when installing modules.

Magento

The Magento admin URL is changed either through the control panel or via command line.

Note:

Changing the admin URL requires editing configuration files and must be in the same installation and the same document root as your storefront. So, if the default base URL is https://yourdomain.com/magento, the Admin URL path is just below and will look something like, https://yourdomain.com/magento/admin. It is important to keep this file path structure to make sure you can reach the admin panel once the URL is changed.

Change the Admin URL from Magento control panel:

In the admin menu, select System. From the system menu, click on Configure.
Select Admin in the panel on the left-hand side of the page.
Expand the Admin Base URL section by clicking on it.
Set the Use Custom Admin URL to “yes,” then enter the custom admin URL in the following format:
```
https://yourdomain.com/magento/
```
and set the Custom Admin Path to “yes.” Then enter the name of the path to your desired word.

admin base url section

Click Save Config when you are done to save your changes.
The last step in the process is to clear your cache. You can do this through the Magento admin menu selecting Cache Management from the System menu. Then select Flush Magento Cache.

Now when you log into Magento, you will use that path.

Change the Admin URL from Command Line:

In the command line, open the app/etc/local.xml file to change the name of the admin path. Look for the <adminhtml> argument in the <admin> section. The default Admin Path will look like:
```
# <frontName><![CDATA[admin]]></frontName>
```
Warning:
The Admin URL is case-sensitive. Use only lower-case letters to rename the admin URL path.
Once in the <admin> section, change the path, when you change it, it should look something like this:
```
# <frontName><![CDATA[backend]]></frontName>
```
The last step in the process is to flush your cache, this is accomplished by opening the var/cache folder and deleting its contents.