How can I stop brute force attacks on my Magento installation?
By default, the Magento store backend can be reached simply by navigating to domain.com/admin in your browser. Unfortunately, because this default backend URL is common knowledge, it is an easy target for brute-force attackers. Using a custom admin path makes it a little less easy for them.
Changing the admin path can be done in three steps:
- Open the /app/etc/local.xml configuration file.
- Find <![CDATA[admin]]> and change “admin” to the path you would like to use. For example, if you change it to youradmin, the admin path will now be:
- After you have changed this URL, refresh the Magento caches.
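
The edit in step two, as an added example that is not part of the original answer: it changes only the admin path and leaves any other <![CDATA[admin]]> value, such as a database user named admin, untouched. The file layout, the sample content, the GUESSABLE list and the function names are assumptions made for this example.

```python
import re

# Constructed sample in the usual Magento 1 local.xml layout (an assumption;
# the page does not show the file). The DB user is also "admin" on purpose.
SAMPLE = """<config>
  <global><resources><default_setup><connection>
    <username><![CDATA[admin]]></username>
  </connection></default_setup></resources></global>
  <admin><routers><adminhtml><args>
    <frontName><![CDATA[admin]]></frontName>
  </args></adminhtml></routers></admin>
</config>
"""

# Only the <frontName> element that follows <admin>, with or without CDATA.
FRONT_NAME = re.compile(
    r"(<admin>.*?<frontName>\s*(?:<!\[CDATA\[)?)([^<\]]*?)((?:\]\]>)?\s*</frontName>)",
    re.DOTALL,
)
# Hypothetical deny-list of paths that are as well known as the default.
GUESSABLE = {"admin", "administrator", "backend", "manage", "magento"}


def current_front_name(xml_text):
    """Return the configured admin path, or None if the element is missing."""
    match = FRONT_NAME.search(xml_text)
    return match.group(2).strip() if match else None


def set_front_name(xml_text, new_name):
    """Return xml_text with only the admin frontName changed to new_name."""
    # Conservative rule chosen for this example: letters, digits, underscore.
    if not re.fullmatch(r"[A-Za-z0-9_]+", new_name):
        raise ValueError("admin path must be letters, digits or underscore")
    if new_name.lower() in GUESSABLE:
        raise ValueError("admin path %r is still easy to guess" % new_name)
    if current_front_name(xml_text) is None:
        raise ValueError("no <frontName> found under <admin>")
    # Replace the path text only; the DB username CDATA is left untouched.
    return FRONT_NAME.sub(lambda m: m.group(1) + new_name + m.group(3), xml_text, count=1)


if __name__ == "__main__":
    updated = set_front_name(SAMPLE, "youradmin")
    print("before:", current_front_name(SAMPLE))
    print("after: ", current_front_name(updated))
```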