Skip to content

Secure admin panel

You should always secure the admin panel. The administrator panel contains a lot of sensitive information. It sometimes has some security lacks (for example, it does not have a captcha for login, and it can lead to easy brute-force attacks), not as good as on the customer area of your website.

Use secure and random admin panel URL

  • Do not use predictive URLs like admin, secure-admin.php; these names exist in many wordlists.
  • Use secure names that look like strong passwords 54NN9jLPxoMCjtyWyPQt.php; I have generated this random string on the free password generator tool1 and have added .php extension.


Use SSH/SFTP access to rename admin panel

Protect admin panel with extra security

Create extra security layers like

  • Restrict access to the admin panel by "Basic access authentication" as PHPMyAdmin and Adminer"
  • Restictions by IP (allow listing) for your office. But this way has also had security lack like "what will happen if an attacker comes into your office?"
  • Use CS-Cart addon Access restrictions on your website

Read our article "How to make your CS-Cart or Multi-Vendor project more secure" to know hot-to handle other security gaps.


If you have a problem, need assistance with tweaks or a free consultation, if you just want to discuss your project with experts and estimate the outcome, if you're looking for a solution that reinforces your online business, we will help. Let us know through Scalesta account or email.