Since OpenCart is open source it can be a target for hackers since they already know the basic file structure and how the core code works. One of the easiest methods of securing your OpenCart dashboard is to rename the /admin/ folder.  This will 'hide' the folder from scripts and hackers specifically looking for the 'admin' folder of OpenCart. Follow the steps below to change the /admin/ folder's name. Don’t forget that once you do this, you’ll need to use the new path to access your admin dashboard.

  1. Log into cPanel
  2. Click on File Manager
  3. Use file manager to navigate to the folder containing the “admin” folder
  4. Right click on the “admin” folder and select “rename
  5. Type in your new name for the “admin” folder (you can change it to whatever you want but the more obscure the name the better such as “ADMIN889723”)
  6. Now, open the /admin/config.php with the code editor (Remember, you changed the name of the folder. Replace 'admin' with the new folder name).

    Important! There are several instances of "admin" throughout the config file. All instances must be changed for this to work.

    Below in Red is the instances of admin you will need to change.

    // HTTP
    define('HTTP_SERVER', 'http://test.domain.com/opencart/admin/');
    define('HTTP_CATALOG', 'http://test.domain.com/opencart/');
    
    // HTTPS
    define('HTTPS_SERVER', 'http://test.domain.com/opencart/admin/');
    define('HTTPS_CATALOG', '>http://test.domain.com/opencart/');
    
    // DIR
    define('DIR_APPLICATION', '/home/userna5/public_html/opencart/admin/');
    define('DIR_SYSTEM', '/home/userna5/public_html/opencart/system/');
    define('DIR_DATABASE', '/home/userna5/public_html/opencart/system/database/');
    define('DIR_LANGUAGE', '/home/userna5/public_html/opencart/admin/language/');
    define('DIR_TEMPLATE', '/home/userna5/public_html/opencart/admin/view/template/');
    define('DIR_CONFIG', '/home/userna5/public_html/opencart/system/config/');
    define('DIR_IMAGE', '/home/userna5/public_html/opencart/image/');
    define('DIR_CACHE', '/home/userna5/public_html/opencart/system/cache/');
    define('DIR_DOWNLOAD', '/home/userna5/public_html/opencart/download/');
    define('DIR_LOGS', '/home/userna5/public_html/opencart/system/logs/');
    define('DIR_CATALOG', '/home/userna5/public_html/opencart/catalog/');
    
    // DB
    define('DB_DRIVER', 'mysql');
    define('DB_HOSTNAME', 'localhost');
    define('DB_USERNAME', 'userna5_ocar341');
    define('DB_PASSWORD', 'password');
    define('DB_DATABASE', 'userna5_ocar341');
    define('DB_PREFIX', 'oc_');
  7. There should be 5 instances referencing the /admin/ folder that would need to be updated to the new name you changed the folder to

You can also add another layer of protection to the dashboard by password protecting the /admin/ folder. You can do this by following the tutorial on password protecting directories.

If you need further assistance please feel free to ask a question on our support center website.

InMotion is Here to Help

With a dedicated server, you can easily manage your OpenCart application through SSH. This means fast access to your files from any location where you have online access. Also, you get the support  you need. Have questions with OpenCart? We have a education channel for that too. Check out our dedicated server review for more information about how we are here to help.

Looking for a host for your OpenCart installation? Go to OpenCart Hosting Accounts with Inmotion Hosting for more information.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve our Support Center:
Email Address
Optional, but our team may contact you for more information.
Like this Article?

Comments

Post a comment
2013-05-10 4:56 am
Impressive...Thanks alot
n/a Points
2014-02-26 6:07 pm

It may help people if you mention that when you update OC to the next version (and have previously followed your advice to change the admin directory to something else, like "ADMIN889723"), then to remember to account for this when you upload the new version. With that said, does it matter which way to go with the OC update? Should I..

A) Change my admin directory back to 'admin' and change the config file back to it's original state? 

or 

B) Change the name of the local (ie., ner version that I'm about to upload) admin to directory to my name, for instance "ADMIN889723"? 

I just want to make sure I don't break anything "internally" when it is installed. 

Thanks!

Sam (@perspectiverse)

Staff
5,603 Points
2014-02-27 4:51 am
Hello Sam, thanks for the comment!

You are correct that if you change the admin folder as is discussed in this guide, you would want to keep that folder in mind when doing an upgrade. I'll flag this article for an update, but in your case you'd want to go with option B, as you'd simply be keeping your config files already using this custom folder.

When you do an upgrade of OpenCart, you should backup your website files and also backup your database before starting.

To upgrade, you should download the latest version of OpenCart from their website, and then delete the local /upload/config.php and /upload/admin/config.php files that come along with it so they don't overwrite your current ones. You should also rename the /upload/admin directory to match the custom one you already made on the server for your old installation.

Then you just upload all the folders and files in the local /upload folder via FTP on top of the old OpenCart files on the server. Finally you would access your OpenCart installation followed by /install in the address bar to begin the upgrade process.

Thanks again for the comment, please let us know if you had any other questions at all!

- Jacob

Post a Comment

Name:
Email Address:
Comment:
Are you a bot?
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

Write New!
Do you want to publish a tutorial to our support center?

News / Announcements

SSL Certficate Warnings
Updated 2014-04-14 11:34 am EST
Hits: 2232
Heartbleed 0-day OpenSSL security bug
Updated 2014-04-14 04:43 pm EST
Hits: 5665

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!