
Change The Admin Folder Name

 

Rename the Admin folder to prevent unauthorized access
 
 

When you install Zen Cart manually from the official .zip file, the Admin folder is named /admin/. When you install Zen Cart from auto-install applications like Fantastico, the Admin folder is often named /zc_admin/.

For security, in ALL Zen Cart installations you should rename the admin folder to something more obscure.

While access to the Zen Cart admin area is protected by a log-in using a username and password, it is recommended for additional security that you rename your admin directory after installation. 99% of the break-ins and website hacks I've dealt with were by SQL injection attacks, and exploiting the lost password function on the admin login page. By 'hiding' the admin folder it will be significantly harder for hackers to locate your admin area and attempt to hack your site.

By default, the latest version 1.39 of Zen Cart won't allow you to access the admin area till you have changed the name of the folder, so you need to follow these instructions to change the folder name and modify the relevant entries in the configuration files.

(Before making the following changes, make sure to have a current backup of your files and your database.)

You're going to do three steps:

  • Step A) edit the configure.php settings and upload them,
  • Step B) rename the admin folder,
  • Step C) test login to the new folder.


The required Steps are detailed below:

DO NOT USE SEARCH-AND-REPLACE TO DO THESE EDITS!!!!!!!!!!!
 
Step A - Edit /admin/includes/configure.php
 
Using your FTP program, download a copy of your /admin/includes/configure.php file to your computer.

Using a simple text editor like Notepad (or better still, download and use a free text editor like Notepad++), change all instances of admin to your chosen new admin folder-name.

For maximum security, consider a new folder name that includes numbers and a combination of upper and lower case letters. The longer you make this folder's name, the more secure it will be.

When editing, make sure you leave all the / (slashes) alone.

Change ONLY THE WORD admin, in 3 places, AS SHOWN HERE:


Change this section:

define('DIR_WS_ADMIN', '/admin/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_ADMIN', '/admin/');
define('DIR_WS_HTTPS_CATALOG', '/');


You will end up with something that looks like this:

define('DIR_WS_ADMIN', '/mysecretadminarea/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_ADMIN', '/mysecretadminarea/');
define('DIR_WS_HTTPS_CATALOG', '/');

And change this section:
 
define('DIR_FS_ADMIN', '/home/mystore.com/www/public/admin/');
define('DIR_FS_CATALOG', '/home/mystore.com/www/public/');
 
You will end up with something that looks like this:

define('DIR_FS_ADMIN', '/home/mystore.com/www/public/mysecretadminarea/');
define('DIR_FS_CATALOG', '/home/mystore.com/www/public/');

Now, you must upload the changes back to the server, using your FTP program.

IMPORTANT NOTE: Your configure.php file should be set as Read-Only for normal use. So, you'll need to make it Writable before you'll be able to upload/save your changes to the file. (In *some* cases, your server might require you to DELETE the file from your server before you can upload the edited version to replace it.)
Be sure to make it Read-Only again when finished. Often you can right-click the file in your FTP program and change the permissions settings there.
 
Step B - Rename the Admin folder

Using your FTP software or your webhost's File Manager, find your Zen Cart /admin/ directory. Rename the directory to match the settings you just made in Step A.

Step C - Login to your admin using the new URL

To log in to your admin system you will now have to visit a new URL that matches the new name used in Steps A and B above.

For example, instead of visiting http://www.youronlinestore.com/admin/ visit http://www.youronlinestore.com/NeW_NamE4u/

 
What if the changes didn't work?
If it doesn't work, then you've missed one or more of the steps. THE MOST COMMON MISTAKE is ignoring the read-only vs writable alert in BRIGHT RED TEXT in step A.

The second most common mistake is changing the WRONG THINGS! Change ONLY the word "/admin/" in the 3 places shown.
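
To catch the "wrong things changed" mistake before uploading, the following added example (not part of the original page or of Zen Cart) checks a local copy of configure.php against the rules in Step A. The function names and the sample file content are constructed for illustration, and it only reads simple quoted define() lines.

```python
import re

# Constructed sample: an edited configure.php with one deliberate mistake
# (DIR_WS_HTTPS_ADMIN was missed and still points at the default folder).
SAMPLE = """
define('DIR_WS_ADMIN', '/mysecretadminarea/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_ADMIN', '/admin/');
define('DIR_WS_HTTPS_CATALOG', '/');
define('DIR_FS_ADMIN', '/home/mystore.com/www/public/mysecretadminarea/');
define('DIR_FS_CATALOG', '/home/mystore.com/www/public/');
"""

DEFAULT_NAMES = {"admin", "zc_admin"}  # default folder names mentioned on this page
ADMIN_KEYS = ("DIR_WS_ADMIN", "DIR_WS_HTTPS_ADMIN", "DIR_FS_ADMIN")
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)\s*;""", re.M)

def parse_defines(php_text):
    """Return {constant: value} for simple string define() lines."""
    return dict(DEFINE_RE.findall(php_text))

def check_admin_rename(php_text):
    """Return a list of problems; an empty list means Step A looks consistent."""
    d = parse_defines(php_text)
    missing = [k for k in ADMIN_KEYS + ("DIR_FS_CATALOG",) if k not in d]
    if missing:
        return ["missing define: " + k for k in missing]
    problems = []
    # Last path component of each of the three admin settings.
    names = {k: d[k].rstrip("/").rsplit("/", 1)[-1] for k in ADMIN_KEYS}
    for k, name in names.items():
        if name.lower() in DEFAULT_NAMES:
            problems.append(f"{k} still uses default folder name '{name}'")
        if not d[k].endswith("/"):
            problems.append(f"{k} lost its trailing slash")
    if len(set(names.values())) > 1:
        problems.append("admin folder name differs between settings: "
                        + ", ".join(sorted(set(names.values()))))
    # The filesystem path must be the catalog path plus the folder name.
    if d["DIR_FS_ADMIN"] != d["DIR_FS_CATALOG"] + names["DIR_FS_ADMIN"] + "/":
        problems.append("DIR_FS_ADMIN is not DIR_FS_CATALOG + folder name + '/'")
    return problems

if __name__ == "__main__":
    for line in check_admin_rename(SAMPLE) or ["configure.php looks consistent"]:
        print(line)
```

To check your own file, pass its contents to check_admin_rename() and compare the reported folder name with the directory name you use in Step B.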
