Website security is one of the most important things that should take priority when you're managing a Magento 2 store. Customers provide vulnerable data while placing orders and trust you to keep it safe.

All of that data is stored in the Magento admin panel that most often undergoes brute force attacks. Regarding this Magento recommends you change Magento 2 admin URL to a more complex one to improve admin panel security.

However, it is not as easy as it seems are requires you to be cautious about it. So, in this guide, we'll walk you through the 3 most common ways to change Magento admin URL and precautions you have to take to avoid further issues.

Post Contents [hide]

    Before You Change Admin Panel URL

    Once you install Magento 2, the system will create an admin panel link for you with a random string. Usually, the admin URL is below the base URL, meaning the admin is one directory below the root.

    Most often it looks like:

    • Default Base URL — yourwebsite.com/magento/
    • Default Admin URL — yourwebsite.com/admin

    Magento Admin Panel

    It is an easy admin URL that makes it vulnerable to brute force attacks and other malicious actions that hit your website admin with predictive credentials to get access. That is why changing Magento admin panel URL is among the top Magento secure checklist points.

    But don't jump to it. There are a few things you have to pay attention to before your change the admin URL address:

    1. Contact hosting provider before making changes to the admin URL. Sometimes they require a standard URL to comply with the firewall protection rules.
    2. Make changes in the development environment to avoid website breakdown.
    3. Don't change Magento admin panel URL if you don't know how to edit the configuration file on a server. Any mistake can remove access to the backend.

    Keeping this in mind, you can change Magento admin URL by yourself.

    How to Change Magento 2 Admin URL?

    Magento being as flexible as it is, provides different methods to change the admin URL. Whether you're a developer or an admin user, you can do it just in a few steps.

    However, we'll start with the most simple one.

    Change Admin URL via Admin Panel

    To change the base admin URL from the admin panel:

    1. Go to Stores > Configuration > Advanced > Admin > Admin Base URL.
    2. Clear the Use System Value checkbox and enable the Use Custom Admin URL option.
    3. Set your Custom Admin URL, but make sure your base URL ends with a slash (/).
    4. Remove the System Value and enable the Use Custom Admin Path option.
    5. Enter the Custom Admin Path that will be added to the custom admin URL after the ending slash.

    Once you finish, don't forget to Save Config and login with the new admin panel URL.

    Change Magento 2 Admin URL

    Use Config.php to Change the Admin Path

    To change admin panel URL via Command Line:

    1. Log in to your Magento server with SSH or FTP.
    2. Open to app/etc/env.php file in a text manager.
    3. Search for the 'frontName' parameter that could be something like 'admin' or 'backend'.
    4. Replace it with your custom admin panel path.

    e.g. you can use the following command:

    'backend' => [
    'frontName' => 'sample_custom_admin'
    ]

    5. Save changes and go to the admin panel to clean cache or run:

     php bin/Magento cache:flush

    Change Admin URL via Command Line

    To change Admin panel URL with command line:

    1. Log in to your Magento server via SSH and go to your store root directory.
    2. Run the following command:
    php bin/magento setup:config:set --backend-frontname=“sample_custom_admin”

    Don't forget to save changes once you finish.

    Now you know all of the ways you can use to change Magento 2 admin URL and path to secure your orders, customers, subscriptions, and other vulnerable data from malicious attract.

    However, this is not the only precaution you should take since cyber attract are more common now. So, to improve Magento security you have to go through several weak points and make sure nothing threatens your data.