Because OpenCart is open source, attackers already know its basic file structure and how the core code works, which makes it a target. One of the easiest methods of securing your OpenCart dashboard is to rename the /admin/ folder. This will 'hide' the folder from scripts and hackers specifically looking for the 'admin' folder of OpenCart. Follow the steps below to change the /admin/ folder's name. Don’t forget that once you do this, you’ll need to use the new path to access your admin dashboard.

  1. Log into cPanel
  2. Click on File Manager
  3. Use file manager to navigate to the folder containing the “admin” folder
  4. Right click on the “admin” folder and select “rename”
  5. Type in your new name for the “admin” folder (you can change it to whatever you want, but the more obscure the name the better, such as “ADMIN889723”)
  6. Now, open the /admin/config.php with the code editor (Remember, you changed the name of the folder. Replace 'admin' with the new folder name).

    Important! There are several instances of "admin" throughout the config file. All instances must be changed for this to work.

    The instances of admin you will need to change are in the HTTP_SERVER, HTTPS_SERVER, DIR_APPLICATION, DIR_LANGUAGE and DIR_TEMPLATE lines below.

    // HTTP
    define('HTTP_SERVER', 'http://test.domain.com/opencart/admin/');
    define('HTTP_CATALOG', 'http://test.domain.com/opencart/');
    
    // HTTPS
    define('HTTPS_SERVER', 'http://test.domain.com/opencart/admin/');
    define('HTTPS_CATALOG', 'http://test.domain.com/opencart/');
    
    // DIR
    define('DIR_APPLICATION', '/home/userna5/public_html/opencart/admin/');
    define('DIR_SYSTEM', '/home/userna5/public_html/opencart/system/');
    define('DIR_DATABASE', '/home/userna5/public_html/opencart/system/database/');
    define('DIR_LANGUAGE', '/home/userna5/public_html/opencart/admin/language/');
    define('DIR_TEMPLATE', '/home/userna5/public_html/opencart/admin/view/template/');
    define('DIR_CONFIG', '/home/userna5/public_html/opencart/system/config/');
    define('DIR_IMAGE', '/home/userna5/public_html/opencart/image/');
    define('DIR_CACHE', '/home/userna5/public_html/opencart/system/cache/');
    define('DIR_DOWNLOAD', '/home/userna5/public_html/opencart/download/');
    define('DIR_LOGS', '/home/userna5/public_html/opencart/system/logs/');
    define('DIR_CATALOG', '/home/userna5/public_html/opencart/catalog/');
    
    // DB
    define('DB_DRIVER', 'mysql');
    define('DB_HOSTNAME', 'localhost');
    define('DB_USERNAME', 'userna5_ocar341');
    define('DB_PASSWORD', 'password');
    define('DB_DATABASE', 'userna5_ocar341');
    define('DB_PREFIX', 'oc_');
  7. There should be 5 instances referencing the /admin/ folder that would need to be updated to the new name you changed the folder to
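
A check for steps 6 and 7, added here as an example (not code from the original article or from OpenCart): it rewrites only the /admin/ path segment in the HTTP and DIR constants of a config.php and reports which constants changed, so you can confirm all 5 were updated. The function names and the sample config, including the DB username containing "admin", are constructed for illustration.

```python
import re

# Constructed sample shaped like the admin/config.php on this page, plus a
# DB username containing "admin" that must NOT be touched.
SAMPLE_CONFIG = """\
define('HTTP_SERVER', 'http://test.domain.com/opencart/admin/');
define('HTTP_CATALOG', 'http://test.domain.com/opencart/');
define('HTTPS_SERVER', 'http://test.domain.com/opencart/admin/');
define('DIR_APPLICATION', '/home/userna5/public_html/opencart/admin/');
define('DIR_SYSTEM', '/home/userna5/public_html/opencart/system/');
define('DIR_LANGUAGE', '/home/userna5/public_html/opencart/admin/language/');
define('DIR_TEMPLATE', '/home/userna5/public_html/opencart/admin/view/template/');
define('DB_USERNAME', 'userna5_admin1');
"""

# define('NAME', 'value'); split so the value can be edited in place.
DEFINE_RE = re.compile(r"^(\s*define\(\s*'(\w+)'\s*,\s*')([^']*)('\s*\)\s*;.*)$")
# Optional scheme://host prefix, so a host called "admin" is never rewritten.
HOST_RE = re.compile(r"^(https?://[^/]*)?(.*)$")


def _segment(name):
    # Match `name` only as a whole path segment: /name/
    return re.compile(r"(?<=/)" + re.escape(name) + r"(?=/)")


def rename_admin_paths(config_text, new_name, old_name="admin"):
    """Rewrite /old_name/ in HTTP* and DIR_* constants; return (text, changed)."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+", new_name):
        raise ValueError("use only letters, digits, '_' and '-' in the folder name")
    out, changed = [], []
    for line in config_text.splitlines():
        m = DEFINE_RE.match(line)
        if m and m.group(2).startswith(("HTTP", "DIR_")):
            host, path = HOST_RE.match(m.group(3)).groups()
            path, hits = _segment(old_name).subn(new_name, path)
            if hits:
                changed.append(m.group(2))
                line = m.group(1) + (host or "") + path + m.group(4)
        out.append(line)
    return "\n".join(out) + "\n", changed


def admin_references(config_text, name="admin"):
    """Names of HTTP*/DIR_* constants whose path still contains /name/."""
    return rename_admin_paths(config_text, "x", old_name=name)[1]
```

Run `admin_references()` on the edited file afterwards: an empty list means no constant still points at the old folder name.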

Renaming the folder only hides it, so you can also add another layer of protection to the dashboard by password protecting the renamed /admin/ folder. You can do this by following the tutorial on password protecting directories.

If you need further assistance please feel free to ask a question on our support center website.

Continued Education in Course 202: OpenCart Security
You are viewing Section 1: Securing the /admin/ folder in OpenCart
Section 2: Security Steps to Take After Installing OpenCart

2013-05-10 4:56 am
Impressive... Thanks a lot
n/a Points
2014-02-26 6:07 pm

It may help people if you mention that when you update OC to the next version (and have previously followed your advice to change the admin directory to something else, like "ADMIN889723"), then to remember to account for this when you upload the new version. With that said, does it matter which way to go with the OC update? Should I..

A) Change my admin directory back to 'admin' and change the config file back to its original state?

or 

B) Change the name of the local (i.e., new version that I'm about to upload) admin directory to my name, for instance "ADMIN889723"?

I just want to make sure I don't break anything "internally" when it is installed. 

Thanks!

Sam (@perspectiverse)

Staff
9,968 Points
2014-02-27 4:51 am
Hello Sam, thanks for the comment!

You are correct that if you change the admin folder as is discussed in this guide, you would want to keep that folder in mind when doing an upgrade. I'll flag this article for an update, but in your case you'd want to go with option B, as you'd simply be keeping your config files already using this custom folder.

When you do an upgrade of OpenCart, you should backup your website files and also backup your database before starting.

To upgrade, you should download the latest version of OpenCart from their website, and then delete the local /upload/config.php and /upload/admin/config.php files that come along with it so they don't overwrite your current ones. You should also rename the /upload/admin directory to match the custom one you already made on the server for your old installation.

Then you just upload all the folders and files in the local /upload folder via FTP on top of the old OpenCart files on the server. Finally you would access your OpenCart installation followed by /install in the address bar to begin the upgrade process.

Thanks again for the comment, please let us know if you had any other questions at all!

- Jacob
n/a Points
2014-04-19 8:18 am

Hello, what about the vqmod files? Should we rename the content too?

Staff
11,156 Points
2014-04-21 8:18 am
The vqmod files should not need to be changed unless you have something within them that directly references your admin URL.
n/a Points
2014-04-28 11:15 am

Thanks, I want to try this, but I would like to know if it will affect the extensions that reside in the admin folder.

Staff
24,272 Points
2014-04-28 2:53 pm
Hello,

You would need to make the changes for anything residing in the admin folder. If you did not, there would be file location errors occurring when a call is made to anything under the admin folder.

Kindest Regards,
Scott M
n/a Points
2014-04-30 11:37 am

Thanks a lot for your reply.

n/a Points
2014-07-19 1:30 am
I find everything I need for this time. Thanks a lot
n/a Points
2015-02-20 10:40 am

Ho

Thanks for this straight tut. Please provide a donation button

Kind regards

L. Bringe

n/a Points
2015-03-10 6:28 pm

Hi Tim and staff, 

Thanks for the great information! Everything seems to work perfectly, except that I can't see (and therefore access) some extensions in the backend after having changed the admin folder name. 

I've replaced "admin" in the /admin/config.php file, but what else should be changed?

Kind regards and thanks again for the post!

Staff
2,264 Points
2015-03-11 12:56 am
Hello Stef,

Can you inform us of what extensions do this when you make that change, so we can try to replicate it on our system?

Best Regards,
TJ Edens
n/a Points
2015-03-11 3:58 am

Hi guys, thanks for the reply!

At the moment I use an SEO extension called "All in one SEO". The settings of this extension can be altered in the backend under catalog. It probably is easy to fix, but I do not possess the know-how, nor can I find it yet on the net.

Kind regards, Stef

Staff
21,727 Points
2015-03-12 10:03 am
Hello Stef,

As the "All in one SEO" is a third-party software affecting your extensions, and you want to alter the way it works, you will probably be best served by contacting the author of the extension. If you directly contact them, then you will get a much quicker and more accurate response for your needs. Apologies that we can't give you a direct solution for the issue.


Kindest regards,
Arnel C.
n/a Points
2015-03-12 4:00 pm

Thanks for your time and effort on the matter TJEdens and Arn. I will contact the extension developers then, in order to secure the admin environment a bit better.

Kind regards and keep up the great work!
