How do I rename my Admin folder to prevent unauthorized access?

[topvip]

While access to your admin area is protected by the requirement of your admin password, it is recommended for additional security that you rename your admin directory after installation. This way, it will be significantly harder for hackers to find your admin area or attempt any attack on breaking into it.(Before making the following changes, make sure to have a current backup of your files and your database.)
You're going to do three steps: A) edit the configure.php settings and upload them, B) rename the admin folder, C) test login to the new folder.
Details are below:

DO NOT USE SEARCH-AND-REPLACE TO DO THESE EDITS!!!!!!!!!!!

A - Edit /admin/includes/configure.php

Using your FTP program, download a copy of your /admin/includes/configure.php file to your computer.
Using a simple text editor like notepad (or better yet, use Notepad++ or TextWrangler), change all instances of admin to your chosen new admin folder-name.

For maximum security, you may want to consider that new folder name should include numbers and a combination of upper and lower case letters. The longer you make this folder's name the more secure it will be.

When editing, make sure you leave all the / (slashes) alone.

Change this section:
define('DIR_WS_ADMIN', '/admin/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_ADMIN', '/admin/');
define('DIR_WS_HTTPS_CATALOG', '/');

And this section:
define('DIR_FS_ADMIN', '/home/mystore.com/www/public/admin/');
define('DIR_FS_CATALOG', '/home/mystore.com/www/public/');


You will end up with something that looks like this:
define('DIR_WS_ADMIN', '/mysecretadminarea/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_ADMIN', '/mysecretadminarea/');
define('DIR_WS_HTTPS_CATALOG', '/');

And:

define('DIR_FS_ADMIN', '/home/mystore.com/www/public/mysecretadminarea/');
define('DIR_FS_CATALOG', '/home/mystore.com/www/public/');

Now, you must upload the changes back to the server, using your FTP program.

IMPORTANT NOTE: Your configure.php file should be set as Read-Only for normal use. So, you'll need to make it Writable before you'll be able to upload/save your changes to the file. (In *some* cases, your server might require you to DELETE the file from your server before you can upload the edited version to replace it.)
Be sure to make it Read-Only again when finished. Often you can right-click the file in your FTP program and change the permissions settings there. There's another FAQ article on how to change file permissions on different hosting servers.


B - Rename the Admin folder

Using your FTP software or your webhost's File Manager, find your Zen Cart™ /admin/ directory. Rename the directory to match the settings you just made in step A.


C - Login to your admin using the new URL

To login to your admin system you will now have to visit a new URL that matches the new name used in steps A and B above.

For example instead of visiting http://www.example.com/admin/ visit http://www.example.com/NeW_NamE4u/


Use of SSL is highly recommended to protect your and your customers information.

D - What if it doesn't work?

If it doesn't work, then you've missed one or more of the steps. THE MOST COMMON MISTAKE is ignoring the read-only vs writable alert in BRIGHT RED TEXT in step A.