Secure your Magento Admin
Changing the URL for your Magento admin isn't really a way to protect your store; security through obscurity isn't security at all.
Fortunately, there is a nice simple modification that you can make to your
.htaccess
file to protect certain URLs from prying eyes.
For a single-store view Magento installation
############################################ ## Secure admin RewriteCond %{REQUEST_URI} ^/(index.php/)?admin/ [NC,OR] RewriteCond %{REQUEST_URI} ^/downloader/ [NC] RewriteCond %{REMOTE_ADDR} !^my.ip.add.ress RewriteRule ^(.*)$ https://%{HTTP_HOST}/ [R=302,L]
For a Store View in a Subdirectory
If you have Magento installed in a subdirectory, or a store view as a virtual subdirectory of the main domain name,Eg. https://www.sonassi.com/shop/
Eg. https://www.sonassi.com/en/
Eg. https://www.sonassi.com/fr/
############################################ ## Secure admin RewriteCond %{REQUEST_URI} ^/(downloader|shop/|en|fr/)?(index.php/)?admin/ [NC,OR] RewriteCond %{REQUEST_URI} ^/downloader/ [NC] RewriteCond %{REMOTE_ADDR} !^my.ip.add.ress RewriteRule ^(.*)$ https://%{HTTP_HOST}/ [R=302,L]