Support

Admin Tools

#37618 Secret Admin URL

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Tuesday, 30 August 2022 01:42 CDT

A-NSDT

Sorry to trouble you with this but could you point me to WHERE to change the standard admin URL to an alternative?

You may call it a secret admin URL.

 

I have actually used it before but cannot seem to find it to use for neysh.ca

nicholas
Akeeba Staff
Manager

Components, Admin Tools, Web Application Firewall, Configure WAF, Basic Features tab.

It is the “Change administrator login directory to” option.

Please note that this is an unsupported feature. Also keep in mind that it merely prevents you from accessing /administrator until you visit the custom directory. For example, if your site is www.example.com and the option is set to foobar you need to visit www.example.com/foobar first. This sets a cookie in your browser which allows you to access /administrator. Joomla does not support completely renaming the administrator folder; that would cause all sorts of problems in Joomla itself and third party extensions.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

A-NSDT

Hey!

Thanks Nicholas.

 

Yah - I understand it's purpose and expect nothing more of it than just minimizing people trying to get in at the std admin URL.
I have used it on another site and it seemed to have worked quite well.

BTW - Will it also work in Jooma4 (as it does in J3)?

 

Dan

nicholas
Akeeba Staff
Manager

According to our tests it works the same on Joomla 4 as it works on Joomla 3. What we do does not change with the Joomla version, it depends on the URL routing, secure tokens and cookies which have not changed since Joomla versions 1.5, 3.7 and 1.0 respectively.

Please remember that if you use non-www to www redirection (or vice versa), you need to visit your site's administrator using the canonical domain name. So, for example, if you have non-www to www redirection and your site is accessible as both www.example.com and example.com you MUST visit your administrator login page as www.example.com/administrator. We only set cookies for the domain name we are in and that's on purpose, not laziness. This prevents a situation where you have two sites in two different subdomains, e.g. site1.example.com and site2.example.com, interfering with each other's changed admin login URL cookies.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!