What are Webhooks in Magento 2
Discover webhooks in Magento 2: a powerful tool to reduce manual workload for business owners. Learn how they work, their key features, and easy configuration tips.
Vinh Jacker | 11-11-2024
Security is always the first and foremost critical component in running an online store. We can not deny the popularity of Magento - One of the most widely used CMS platforms out there.
Meanwhile, cyber-attacks are undoubtedly on the rise. It comes as no surprise that Magento has become the prime target of hackers for illegal purposes.
So how to prevent data breaches?
The Magento technical itself continuously releases security patches, version updates, and practices to help merchants increase their site security. One highly recommended method is to change Admin URL.
Thus, this post will mention the advantages of custom Admin URL as well as 3 steps for changing Admin panel URLs in Magento 2 effortlessly.
“Admin URL” is the URL that the admin uses to access a Magento store’s backend. When the installation of Magento finishes, the system will create an admin URL with a random string.
This link will lead you to your Magento store’s information hub. Here, you can view, edit and manage everything from order data, customers to extensions and payment settings.
To help you better visualize the default URLs, below are how your admin URL looks like in a typical Magento installation:
Default Base URL: http://yourdomain.com/magento/
Default Admin URL and Path: http://yourdomain.com/magento/admin
However, these default URLs (sitename.com/admin) are incredibly vulnerable to hackers. In other words, they’re easy to crack and predictable as well. This point becomes a huge vulnerability that cybercriminals use to get unauthorized access to your data source.
For the sake of security, Magento does recommend online merchants many practices protecting online stores from unlawful transactions, information theft, data leaks, and other malware attacks. One of them is to create a custom path for the Magento admin URL instead of using the default URL.
Why?
As mentioned above, the default admin URL for a Magento site is unsecured and easily predictable to hackers
Vulnerable admin URL puts your site in danger of brute force attacks - A type of automated software tries to gain unauthorized access to a store’s backend using multiple usernames and password combinations
Custom Admin URL helps you avoid determined attackers and reduce exposure to scripts attempting to break into your Magento site
Since the admin URL takes you directly to the store’s management system, any failure to prevent hackers from logging in to your admin panel can seriously harm your business.
Still, if you are searching for a Magento 2 exclusive security extension, Mageplaza’s Security is for sure a go-to extension with a comprehensive set of advanced features. Check all logs automatically and get notified of any suspicious activities.
Read more:
”
Now, let’s move to 3 widely used ways you can use to change the Magento admin URL effortlessly.
Log in to the Admin panel, then choose Stores > Settings > Configuration
Look for the Advanced section in the left panel and select Admin
Expand the Admin Base URL selection for setting up the custom URL
On the Admin Base URL, do the following steps:
Choose Use Custom Admin URL = Yes. Then enter your Custom Admin URL in the format: http://yourdomain.com/magento/
Set Custom Admin Path = Yes. And fill in the Custom Admin Path that’s appended to the Custom Admin URL. Your custom path will be after the “/” slash in your URL above
Once completed, click on the Save Configuration button to save all your changes. You can now try to log out of your Magento account and log in again using the new URL.
If you feel confident about making changes to your Magento sites using the command line, then this second method will be a more preferable choice.
To change the admin URL through the command line, you will need to:
Log in to the Magento server with your SSH credentials or FTP client
Go to the app/etc/env/php file in a text editor
Now, look for the code that says ‘frontName.’ You can see the value of its parameter on the right side - which is ‘admin’
Replace the value within the quotes, from ‘admin’ to your new admin URL, for instance, ‘admin’ > ‘backend’
Note: You can only use the lowercase characters for value in the quotes and don’t forget to save the changes once you’re done.
This is how your old and new admin paths look like.
Finally, to complete the changing process, use one of the following methods to clear the Magento cache:
Back to the Admin sider, navigate to System > Tools > Cache Management > Click Flush Magento Cache
Return to the server and run this command: php bin/Magento cache:flush
Magento allows merchants to change the Admin path using the Magento CLI setup:config:set command. What you should do:
Like the second method, firstly, you must log in to your Magento server via SSH
Then, go to your Magento store’s root directory
Next, run this command:
terminal
bin/magento setup:config:set --backend-frontname="backend_front_name"
Finally, change the value within the quests for backend_front_name to your desired Admin URL
Note: This action will update the backend > frontName configuration option in the app/etc/env.php file.
Magento allows its users to restore the default Admin URL as well as Admin path using the command line. All you need to do is to use these revert commands below:
For the default Admin URL: php bin/Magento config:set admin/url/use_custom 0
For the default Admin Path: php bin/Magento config:set admin/url/use_custom_path 0
Finally, don’t forget to clear the Magento cache. Install our Magento 2 Quick Flush Cache to make the process of clearing cache automatic and easier.
Above is a quick guide that covers the most important aspects of Magento 2 admin URL, what it is, why I need to create a custom Admin URL and how to do that.
In conclusion, we advise you to:
Replace the default URL with a complex one
Avoid the default ‘admin’ or the commonly used ‘backend’ names
Changing your default Admin URL is an easy way you can do by yourself to protect your website on Magento 2 from bots and potential cybercriminals.