Rename Admin Folder to Prevent Unauthorized Access - Zen Cart
A - Edit /admin/includes/configure.php
Using your FTP program, download a copy of your /admin/includes/configure.php file to your computer.Using a simple text editor like notepad (or better yet, use Notepad++ or TextWrangler), change all instances of admin to your chosen new admin folder-name.
For maximum security, you may want to consider that new folder name should include numbers and a combination of upper and lower case letters. The longer you make this folder's name the more secure it will be.
When editing, make sure you leave all the
/
(slashes) alone.Change this section:
define('DIR_WS_ADMIN', '/admin/'); define('DIR_WS_CATALOG', '/'); define('DIR_WS_HTTPS_ADMIN', '/admin/'); define('DIR_WS_HTTPS_CATALOG', '/');
And this section:
define('DIR_FS_ADMIN', '/home/mystore.com/www/public/admin/');
define('DIR_FS_CATALOG', '/home/mystore.com/www/public/');
You will end up with something that looks like this:
define('DIR_WS_ADMIN', '/mysecretadminarea/'); define('DIR_WS_CATALOG', '/'); define('DIR_WS_HTTPS_ADMIN', '/mysecretadminarea/'); define('DIR_WS_HTTPS_CATALOG', '/');
And:
define('DIR_FS_ADMIN', '/home/mystore.com/www/public/mysecretadminarea/');
define('DIR_FS_CATALOG', '/home/mystore.com/www/public/');
Now, you must upload the changes back to the server, using your FTP program.
IMPORTANT NOTE: Your configure.php file should be set as Read-Only for normal use. So, you'll need to make it Writable before you'll be able to upload/save your changes to the file. (In *some* cases, your server might require you to DELETE the file from your server before you can upload the edited version to replace it.)
Be sure to make it Read-Only again when finished. Often you can right-click the file in your FTP program and change the permissions settings there. There's another FAQ article on how to change file permissions on different hosting servers.
B - Rename the Admin folder
Using your FTP software or your webhost's File Manager, find your Zen Cart™ /admin/ directory. Rename the directory to match the settings you just made in step A.C - Login to your admin using the new URL
To login to your admin system you will now have to visit a new URL that matches the new name used in steps A and B above.For example instead of visiting http://www.example.com/admin/ visit http://www.example.com/NeW_NamE4u/
Use of SSL is highly recommended to protect your and your customers information.