Rename Admin Folder to Prevent Unauthorized Access - Zen Cart

A - Edit /admin/includes/configure.php

Using your FTP program, download a copy of your /admin/includes/configure.php file to your computer.
Using a simple text editor like notepad (or better yet, use Notepad++ or TextWrangler), change all instances of admin to your chosen new admin folder-name.
For maximum security, you may want to consider that new folder name should include numbers and a combination of upper and lower case letters. The longer you make this folder's name the more secure it will be.
When editing, make sure you leave all the / (slashes) alone.

Change this section:
define('DIR_WS_ADMIN', '/admin/');
 define('DIR_WS_CATALOG', '/');
 define('DIR_WS_HTTPS_ADMIN', '/admin/');
 define('DIR_WS_HTTPS_CATALOG', '/');

And this section:
define('DIR_FS_ADMIN', '/home/');
 define('DIR_FS_CATALOG', '/home/');

You will end up with something that looks like this:
define('DIR_WS_ADMIN', '/mysecretadminarea/');
 define('DIR_WS_CATALOG', '/');
 define('DIR_WS_HTTPS_ADMIN', '/mysecretadminarea/');
 define('DIR_WS_HTTPS_CATALOG', '/');


define('DIR_FS_ADMIN', '/home/');
 define('DIR_FS_CATALOG', '/home/');

Now, you must upload the changes back to the server, using your FTP program.

IMPORTANT NOTE: Your configure.php file should be set as Read-Only for normal use. So, you'll need to make it Writable before you'll be able to upload/save your changes to the file. (In *some* cases, your server might require you to DELETE the file from your server before you can upload the edited version to replace it.)
Be sure to make it Read-Only again when finished. Often you can right-click the file in your FTP program and change the permissions settings there. There's another FAQ article on how to change file permissions on different hosting servers.

B - Rename the Admin folder

Using your FTP software or your webhost's File Manager, find your Zen Cart/admin/ directory. Rename the directory to match the settings you just made in step A.

C - Login to your admin using the new URL

To login to your admin system you will now have to visit a new URL that matches the new name used in steps A and B above.
For example instead of visiting visit

Use of SSL is highly recommended to protect your and your customers information.

D - What if it doesn't work?

If it doesn't work, then you've missed one or more of the steps. THE MOST COMMON MISTAKE is ignoring the read-only vs writable alert in BRIGHT RED TEXT in step A.