How To Change The Umbraco 7 Admin Url

Security should be the main concern for all web developers.  One of the most common website attacks is the classic brute-force password attack.  A hacker finds the Umbraco admin URL and then runs a dictionary attack trying to get access to the site.

One simple way to make this a lot harder to detect is to change the default admin Url so hackers can’t as easily find your log-in page.  In today’s guide, I’m going to cover how to change your admin Url from ‘Umbraco’ to secret.

Configuring Your Website

First, load up your web.config and look for the two app settings entries below:

<add key="umbracoReservedPaths" value="~/umbraco,~/install/" />
<add key="umbracoPath" value="~/umbraco" />

In here, change the ‘Umbraco’ parts in the value to the new admin Url you want to use (it’s still a web Url so don’t put invalid characters in there!). My web.config now looks like this:

<add key="umbracoReservedPaths" value="~/secret,~/install/" />
<add key="umbracoPath" value="~/secret" />

Next, in file explorer go to your webroot and find the Umbraco folder, rename it to the new admin URL prefix. In my example this is secret.

umbraco_changin_admin_url

Now, load your website and add the new URL prefix to your website’s URL. The Umbraco admin back-end should now load 🙂

umbraco_changin_admin_url_backend

Alternative Option

I should warn you that, over the years, this admin URL change seems to cause certain issues on some installs. If you have issues with the approach above you can try using a Url re-write.  In your ‘/config/urlrewriting.config’ file, add this rule:

<add name="adminrewrite" 
virtualUrl="^~/secret/"       
rewriteUrlParameter="ExcludeFromClientQueryString"
destinationUrl="~/umbraco/umbraco.aspx"
ignoreCase="true" />

Conclusion

In today’s guide, we’ve talked about the security issues of keeping the default Umbraco back-end Url.  We’ve covered two ways of changing this default Url, one through the web.config and renaming the Umbraco folder. The other by adding a re-write rule.

I personally recommend using the first approach, but over the years, a number of people have had issues implementing this, so for your project it’s probably worth seeing what works for you and just go with it.

Jon D Jones

Software Architect, Programmer and Technologist Jon Jones is founder and CEO of London-based tech firm Digital Prompt. He has been working in the field for nearly a decade, specializing in new technologies and technical solution research in the web business. A passionate blogger by heart , speaker & consultant from England.. always on the hunt for the next challenge

More Posts

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *