We can improve security by changing the default URL from 'admin' to something more obscure, such as 'bdadmin'. This will decrease the probability that a malicious user will hit upon your admin log-in page by guessing that the admin site is located at domain.com/admin/, or that automated scripts scanning for Magento admin pages will find it.
To change the admin address you first need to stop Apache and clear the cache:
root# /etc/init.d/apache2 stop
root# rm -rf /var/www/var/cache/*
root# rm -rf /var/www/var/session/*
Then open up the /var/www/app/etc/local.xml file, locate the <frontName> tag, and change the 'admin' part it to something a lot more random,
eg: <frontName><![CDATA[gJpf2VK5]]></frontName>
Then set Apache running again (bearing in mind your site will be down for the duration of this operation!):
root# /etc/init.d/apache2 start
No comments:
Post a Comment