How to Change Your PrestaShop Admin URL

Why You Should Change the Default Admin URL

Every PrestaShop installation creates an admin directory with a name like admin1234 — the digits are randomly generated during installation. This directory is where you access the back office of your store. While the random suffix provides some basic obscurity, it is not a strong security measure. Automated bots and attackers routinely scan for common admin URL patterns across thousands of websites. Changing your admin URL to something unpredictable adds a meaningful layer of defense.

The primary reason to change the admin folder name is to reduce exposure to brute-force login attacks. If an attacker cannot find your login page, they cannot attempt to guess your password. This is not a replacement for strong passwords and other security measures, but it is an effective first step that costs nothing and takes only minutes to implement.

Additionally, a custom admin URL makes your store look more professional if employees or clients need to access the back office. A URL like yourdomain.com/manage-store/ is easier to remember and communicate than yourdomain.com/admin7382pqxz/.

How PrestaShop Admin URLs Work

PrestaShop's admin directory is a physical folder on your server. When you type yourdomain.com/admin1234/ in your browser, the web server looks for the admin1234 directory and serves the index.php file inside it. This means changing the admin URL is primarily a matter of renaming the directory on your server's filesystem.

Inside the admin directory, PrestaShop stores controller files, template files, and configuration that references the admin path. In PrestaShop 1.7 and 8.x, the admin directory also contains Symfony routing components. The internal configuration stores the admin directory name in the file app/config/parameters.php (or config/parameters.php on older versions) under the key ps_admin_dir. This value must match the actual directory name for the back office to function correctly.

Step-by-Step: Renaming the Admin Directory

Method 1: Via FTP or File Manager

This is the safest and most straightforward method. It works on all hosting types and all PrestaShop versions from 1.6 through 8.x and 9.x.

1. Connect to your server via FTP (FileZilla, WinSCP) or use your hosting control panel's file manager (cPanel, Plesk).
2. Navigate to your PrestaShop root directory — this is where you see folders like classes/, modules/, themes/, and your current admin folder.
3. Identify your current admin folder. It will be named something like admin1234 or admin-dev (on development installations). Do not confuse it with the admin-dev/ folder if you have the source code version installed.
4. Rename the folder to your desired name. Right-click the folder in your FTP client and select "Rename." Choose a name that is hard to guess but easy for you to remember. Good examples: manage-xyz, backoffice-abc, control-2024. Avoid obvious names like admin, administrator, backend, dashboard, or manage.
5. Update the configuration file. Open app/config/parameters.php in a text editor and find the line containing ps_admin_dir. Change the value to match your new directory name exactly.
6. Clear the cache. Delete the contents of var/cache/prod/ and var/cache/dev/ (if it exists). The old cache contains references to the previous admin directory name.
7. Test the new URL. Open your browser and navigate to yourdomain.com/your-new-admin-name/. You should see the PrestaShop login page.

Method 2: Via SSH (Command Line)

If you have SSH access to your server, you can rename the directory with a single command:

cd /var/www/html/prestashop
mv admin1234 your-new-name

Then update the configuration:

sed -i "s/admin1234/your-new-name/g" app/config/parameters.php

And clear the cache:

rm -rf var/cache/prod/* var/cache/dev/*

This method is faster and less error-prone than using FTP, especially if the directory name appears in multiple places in the configuration file.

Differences Between PrestaShop Versions

PrestaShop 1.6

In PrestaShop 1.6, the admin directory name is stored in config/settings.inc.php rather than app/config/parameters.php. Look for a line like:

define('_PS_ADMIN_DIR_', '/var/www/html/prestashop/admin1234');

Change the path to match your new directory name. The app/ directory structure does not exist in 1.6 because it predates the Symfony integration. Otherwise, the process of renaming the directory is identical.

PrestaShop 1.7

PrestaShop 1.7 introduced the Symfony framework, which added the app/config/parameters.php file. However, 1.7 still maintains backward compatibility with some legacy admin routing. After renaming, clear both the Smarty cache (var/cache/) and the Symfony cache. The admin directory name is stored in parameters.php under the parameters array:

'parameters' => array(
    // ...
    'ps_admin_dir' => 'your-new-name',
    // ...
)

PrestaShop 8.x

PrestaShop 8.x continues the 1.7 architecture with deeper Symfony integration. The process is the same as 1.7, but the parameters.php file may use Symfony's YAML-based configuration in some setups. Check both app/config/parameters.php and app/config/parameters.yml if present. After renaming, always clear the cache completely.

PrestaShop 9.x

PrestaShop 9.x further refines the Symfony integration. The admin directory concept remains, but the routing is more heavily Symfony-based. The parameters.php or parameters.yml file still contains the admin directory reference. The renaming process is unchanged, but pay extra attention to clearing all cache layers, as the Symfony routing cache is more aggressive in 9.x.

Updating .htaccess After Renaming

In most cases, you do not need to modify the .htaccess file in your PrestaShop root directory after renaming the admin folder. PrestaShop's .htaccess rules typically do not reference the admin directory by name. The rewrite rules handle the front office (customer-facing) URLs, and the admin directory is accessed directly without rewriting.

However, there are exceptions. If you have added custom security rules to .htaccess that reference the old admin directory name, you must update those rules. For example, if you previously added IP whitelisting for the admin area:

# Old rule
<Directory /var/www/html/prestashop/admin1234>
    Order Deny,Allow
    Deny from all
    Allow from 203.0.113.50
</Directory>

This needs to be updated to reference the new directory name. Similarly, check any security plugins (like mod_security rules) or CDN configurations (Cloudflare page rules) that may reference the old admin path.

Also check the .htaccess file inside the admin directory itself. PrestaShop places one there for internal routing. This file usually does not need modification because it uses relative paths, but verify it after renaming to make sure nothing is broken.

Common Pitfalls and What NOT to Do

Do Not Use Symlinks as a Shortcut

Some administrators create a symbolic link from a new name to the old admin directory instead of actually renaming it. This defeats the purpose entirely because the old directory still exists and is accessible. Always perform a true rename, not a symlink.

Do Not Forget to Update parameters.php

The single most common mistake is renaming the directory but forgetting to update the configuration file. When this happens, you will see a white page or a 500 error when trying to access the admin panel. PrestaShop internally references the admin directory name from the configuration, and a mismatch causes immediate failure.

Do Not Choose Obvious Names

Renaming your admin directory from admin1234 to admin or administrator is counterproductive. Automated scanners check these obvious names first. Choose something that combines words and numbers in a way that is not easily guessable: store-mgmt-7x9, bo-access-42, or even a completely random string like kx9m4p2q.

Do Not Rename While Users Are Logged In

Active back office sessions will break immediately when you rename the directory. Any admin user currently logged in will see an error and lose unsaved work. Perform the rename during a low-traffic period and notify any staff who use the back office.

Do Not Forget Bookmarks and Saved Links

After renaming, update any bookmarks, browser saved passwords, password manager entries, and documentation that reference the old admin URL. Notify all staff members who access the back office about the new URL.

Do Not Use Special Characters or Spaces

The admin directory name must be a valid URL path component. Use only lowercase letters, numbers, and hyphens. Avoid spaces, underscores (though they work, hyphens are cleaner), accented characters, and any special characters.

Module Conflicts and Third-Party Considerations

Most well-written PrestaShop modules use internal PrestaShop functions to determine the admin directory path rather than hardcoding it. These modules will continue to work after renaming without any intervention. However, some poorly coded modules may hardcode the admin path in their configuration files, JavaScript, or AJAX endpoints.

After renaming your admin directory, test the following in your back office:

• All installed modules — open each module's configuration page
• Any module that uses AJAX calls (check the browser console for 404 errors)
• Payment module callbacks and webhooks
• Any custom integrations or ERP connections that reference the admin URL
• Cron jobs that call admin-side scripts

If a module breaks after renaming, check its configuration files for hardcoded admin paths. Many modules store their settings in the ps_configuration database table, and some of these values may contain the old admin directory name.

To search your database for references to the old admin directory:

SELECT * FROM ps_configuration WHERE value LIKE '%admin1234%';

Replace admin1234 with your old directory name and ps_ with your actual database prefix.

Additional Security Measures for the Admin Area

Renaming the admin directory is a good first step, but it should be part of a comprehensive security strategy. Consider these additional measures:

IP Address Whitelisting

If you and your team always access the back office from fixed IP addresses, you can restrict access at the web server level. For Apache, add to your admin directory's .htaccess:

Order Deny,Allow
Deny from all
Allow from 203.0.113.50
Allow from 198.51.100.25

For Nginx, add to your server block:

location /your-admin-name/ {
    allow 203.0.113.50;
    allow 198.51.100.25;
    deny all;
}

This is extremely effective because even if an attacker discovers your admin URL, they cannot access the login page from an unauthorized IP address.

Two-Factor Authentication (2FA)

PrestaShop 8.x does not include built-in 2FA, but several modules provide this functionality. Two-factor authentication requires a second verification step (typically a code from a mobile app like Google Authenticator) in addition to the password. This makes brute-force attacks essentially impossible even if the attacker knows both the admin URL and the password.

SSL/TLS Certificate

Always access your admin panel over HTTPS. This encrypts the login credentials in transit, preventing man-in-the-middle attacks. Most hosting providers offer free SSL certificates through Let's Encrypt. PrestaShop's back office should be configured to force SSL in Shop Parameters > General > Enable SSL and Enable SSL on all pages.

Login Attempt Limiting

PrestaShop includes basic brute-force protection that locks out IP addresses after a certain number of failed login attempts. Ensure this is enabled in your security settings. You can also implement rate limiting at the web server level using modules like mod_evasive for Apache or limit_req for Nginx.

Regular Password Rotation

Ensure all admin accounts use strong, unique passwords. A good password is at least 16 characters and includes a mix of letters, numbers, and symbols. Use a password manager to generate and store these passwords. Rotate passwords periodically, especially when an employee leaves the company or a security incident occurs.

Audit Admin Accounts

Regularly review the list of admin accounts in Advanced Parameters > Team > Employees. Remove or disable accounts for employees who no longer need access. Each person should have their own account rather than sharing credentials, which makes it possible to track who made which changes.

What Happens If You Lose Access

If you rename the admin directory and cannot access the back office, do not panic. Connect to your server via FTP or SSH and either rename the directory back to its original name or check the parameters.php file to ensure the directory name matches. If you have lost track of both the directory name and the configuration, look at the actual directory listing on your server — the admin directory is the one containing files like ajax-tab.php, init.php, and a themes/ subdirectory with the back office theme.

You can also find the admin directory name in the database:

SELECT value FROM ps_configuration WHERE name = 'PS_ADMIN_DIR';

However, note that not all PrestaShop versions store this value in the configuration table. The parameters.php file is the authoritative source.

Automating Admin URL Changes with a Script

If you manage multiple PrestaShop installations, you can create a simple shell script to automate the renaming process:

#!/bin/bash
OLD_NAME="$1"
NEW_NAME="$2"
PS_ROOT="/var/www/html/prestashop"

if [ -z "$OLD_NAME" ] || [ -z "$NEW_NAME" ]; then
    echo "Usage: $0 old-admin-name new-admin-name"
    exit 1
fi

mv "$PS_ROOT/$OLD_NAME" "$PS_ROOT/$NEW_NAME"
sed -i "s/$OLD_NAME/$NEW_NAME/g" "$PS_ROOT/app/config/parameters.php"
rm -rf "$PS_ROOT/var/cache/prod/*" "$PS_ROOT/var/cache/dev/*"
echo "Admin directory renamed from $OLD_NAME to $NEW_NAME"
echo "Please verify access at: yourdomain.com/$NEW_NAME/"

Save this as rename-admin.sh, make it executable with chmod +x rename-admin.sh, and run it with the old and new directory names as arguments. Always test the new URL immediately after running the tool.

By following these steps and combining the admin URL change with additional security measures, you significantly reduce the attack surface of your PrestaShop store's back office.

For more details, read our guides: PrestaShop Security Hardening: The Complete Checklist and Two-Factor Auth, Password Policies and Admin Security for PrestaShop.