Jump to content
Robin S

How important is it to change the default admin url?

Recommended Posts

Every time I do a new PW install I pause at the Admin Login URL field and wonder if I should be doing something here to improve security.

My thinking goes like this:

  • I'd like to place some sort of obstacle to discovering the admin URL to keep out nosy-parkers and casual abusers.
  • But I don't want to make things unnecessarily difficult for my editors, who shouldn't have to hunt out the URL or end up stuck if they need to edit the site on a device that doesn't have the admin URL bookmarked. In other words, it has to be something that can be remembered by a normal mortal.

In the end I just stick with the default /processwire/ URL because it seems a good trade-off in that it's not as obvious as /admin/ but is memorable. Also, it's a word that isn't a household name to the wider public but familiar to an editor has been working with the site for a while and looking at the PW logo in the admin banner.

Is there a best-practice around setting the admin URL? What are others of you doing with this? Is anyone setting admin URLs like /84tpt28hgs5y/ ?

Share this post


Link to post
Share on other sites

I always change the admin URL.  I feel that is just as important as ensuring that the admin account is something other than "admin" or "administrator".

  • Like 1

Share this post


Link to post
Share on other sites

@cstevensjr: Do you always use the same URL or is it different for every site you develop? If it's different do you have a method for deciding what to use for the admin URL? BTW, I'm not requesting you reveal a real admin URL here.

Share this post


Link to post
Share on other sites

The admin URL is always based on something distinctly or uniquely associated with the client (so it's not hard for them or me to remember).  It's just a matter of knowing detailed information about the client or their business.  

  • Like 2

Share this post


Link to post
Share on other sites

The admin URL is always based on something distinctly or uniquely associated with the client (so it's not hard for them or me to remember).  It's just a matter of knowing detailed information about the client or their business.  

I build a PW site for a restaurant/bar and called the admin URL 'office'.

Another was for a friend who operates an auto mechanic shop, called his admin 'toolbox'.

  • Like 2

Share this post


Link to post
Share on other sites

Is there a best-practice around setting the admin URL? What are others of you doing with this? Is anyone setting admin URLs like /84tpt28hgs5y/ ?

I did this once because I created a whole backend area for the users, and didn't want the user to ever see the processwire admin.

But i usually just leave as it is if the client is okay with it, or like @OrganizedFellow, i change it to something appropriate. 

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...