hiding admin login URL

Discussion regarding Joomla! 4.x security issues.

Moderators: mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Post Reply
kataoulas
Joomla! Apprentice
Joomla! Apprentice
Posts: 33
Joined: Fri Apr 15, 2022 6:05 am

hiding admin login URL

Post by kataoulas » Fri Apr 22, 2022 8:08 am

How can i hide administrator login url in joomla?
Is there a simple way or i need to install an joomla extension?

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 14702
Joined: Thu Feb 15, 2007 5:48 am
Location: Sydney, Australia

Re: hiding admin login URL

Post by toivo » Fri Apr 22, 2022 8:33 am

This question has been asked several times at the forum, for example Does hiding Admin Panel URL help with Security?

In addition to the options presented in the earlier topic, check the cPanel provided by your host. Its section 'Files' may have the option 'Directory Security', which allows you to add to the administrator folder a separate username and password, which are independent of the Joomla installation:
cPanel wrote:Set a password to protect certain directories of your account. When you enable this feature, a user that tries to open a protected folder will be prompted to enter a username and password before they can access your content.
Toivo Talikka, Global Moderator

webmasterab
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Sun Sep 24, 2017 12:49 pm

Re: hiding admin login URL

Post by webmasterab » Mon May 23, 2022 2:12 pm

I would install this https://www.akeeba.com/documentation/admin-tools.html This will allow you to add a suffix to the administrator link and also set an additional password to secure the page.

gws
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4709
Joined: Tue Aug 23, 2005 1:56 pm
Location: South coast, UK
Contact:

Re: hiding admin login URL

Post by gws » Mon May 23, 2022 2:40 pm

You can password protect the admin with htaccess rules.

User avatar
AMurray
Joomla! Exemplar
Joomla! Exemplar
Posts: 7764
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: hiding admin login URL

Post by AMurray » Mon May 23, 2022 10:27 pm

I'd also enable 2-factor authentication (doesn't hide the URL but gives extract login protection).

It is not recommended to renaming the administrator directory. I don't know if it's the case now, but Admin Tools did *allow* renaming of the /administrator folder but it was not a supported feature by the Akeeba team; if it broke your site, they were not in a position to help fix it (it's an use-at-your-own-risk feature) I'm not exactly sure why it was even an option if it's that risky and it's clearly labelled as such.
Regards - A Murray

User avatar
AMurray
Joomla! Exemplar
Joomla! Exemplar
Posts: 7764
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: hiding admin login URL

Post by AMurray » Tue May 31, 2022 9:58 pm

Joomla has sufficient 2FA built in.

Hiding or changing the URL would be not recommended, as some extensions may hard-code the /administrator URL / name, and therefore break if you rename the folder to anything other than leaving it as /administrator.

Best way is as already mentioned - 2FA and/or the secret code appended to the URL and/or .htaccess protection on the folder.
Regards - A Murray

User avatar
Nidzo2203
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 215
Joined: Sat Nov 21, 2009 4:52 pm
Contact:

Re: hiding admin login URL

Post by Nidzo2203 » Fri Jul 01, 2022 10:38 pm



Post Reply

Return to “Security in Joomla! 4.x”