Secure your Magento Admin

Secure your Magneto admin
Changing the URL for your Magento admin isn't really a way to protect your store; security through obscurity isn't security at all. Fortunately, there is a nice simple modification that you can make to your .htaccess file to protect certain URLs from prying eyes.

For a single-store view Magento installation

############################################
## Secure admin

RewriteCond %{REQUEST_URI} ^/(index.php/)?admin/ [NC,OR]
RewriteCond %{REQUEST_URI} ^/downloader/ [NC]
RewriteCond %{REMOTE_ADDR} !^my.ip.add.ress
RewriteRule ^(.*)$ https://%{HTTP_HOST}/ [R=302,L]

For a Store View in a Subdirectory

If you have Magento installed in a subdirectory, or a store view as a virtual subdirectory of the main domain name, Eg. https://www.sonassi.com/shop/ Eg. https://www.sonassi.com/en/ Eg. https://www.sonassi.com/fr/
############################################
## Secure admin

RewriteCond %{REQUEST_URI} ^/(downloader|shop/|en|fr/)?(index.php/)?admin/ [NC,OR]
RewriteCond %{REQUEST_URI} ^/downloader/ [NC]
RewriteCond %{REMOTE_ADDR} !^my.ip.add.ress
RewriteRule ^(.*)$ https://%{HTTP_HOST}/ [R=302,L]