Hide the Joomla Administrator Login URL

Securing a website is one of the most important task for a site administrator. There is always the ever-growing threat of online criminals looming large over the sea of websites ready to strike anytime upon an unassuming target. Meanwhile, to hide the Joomla administrator login URL is only a part of the vast security measures that needs to be implemented on a Joomla site.

There is no permanent solution to secure a Joomla website or any website for that matter. Likewise, there is no one-size fits all solution either. Any opensource script is out there for all to see, so any vulnerability found in the script can be exploited. In fact, it is very important to go through the Joomla Security checklist for every Site Administrator.

The best method to secure the administrator login area is probably via .htaccess by either blocking access from IP addresses other than that of the administrator or setting passwords. Having said that, hiding the Joomla administrator URL does add a layer of protection.

There are some free extensions that enables you to hide the Joomla administrator login URL. All these extensions work on one principle as far as the hidden URL is concerned – to replace the regular administrator URL with a new URL as determined by the administrator.

Extensions that lets you hide the Joomla administrator login URL

    1. AdminExile

      • Download the AdminExile plugin from the Joomla Extensions Directory.
      • Login to your Joomla back-end and install the plugin.
      • Navigate to Extensions > Plugins  and search for AdminExile.
      • Configure and enable the plugin.
        Hide Joomla administrator URL - Admin exile configuration
        Back-end Security – This is where you enter the Access Key. Once you set the key, remember it or copy the new URL to your hard drive. You can access the administrator login page at yourdomain.com/administrator?yourkey.
        IP Security – This feature allows you to blacklist IP addresses from accessing your administrator area. You can also receive email alerts if somebody tries to login multiple times.
        Bruteforce – This function will block bruteforce to your login URL. Bruteforce is an attack from an automated script that tries to login with different combinations of letters, numbers and symbols.
    2. JSecure Lite

      • Download the plugin
      • Install and configure the plugin.
      • Enter the secret key and enable the plugin.
      • You can access your administrator login URL at yourdomain.com/administrator?yourseceretkey
        Hide Joomla administrator login URL - JSecure configuration
    3. KSecure

      • Download the plugin
      • Install and configure.
        Hide Joomla Administrator Login URL - KSecureThere are two modes to secure your administrator area. The first one and also the recommended mode is HTTP Authentication, which sets a password to access the admin area. The second one is Compapility mode, which hides the administrator login URL. Either way, try to remember the password. As with AdminExile and Jsecure Lite, you can access the admin login page with the URL yourdomain.com/administrator/yourpassword.
    4. Admin Tools

      Download the plugin here. As the name suggests, this component from Akeeba has more administration tools besides securing the admin login page.
      Hide Joomla administrator login URL - Admin Tools
      With Admin Tools you can:

      • Fix file permissions.
      • Repair and optimise database.
      • Clean Temp directory
      • Secure the administrator login page with a password.

So these are some free extensions that you can use to either protect the admin area with a password or hide the Joomla administrator login page with a secret key. If there are other such extensions with better functionalities, please let us know in the comments below.

How to hide the Joomla administrator login URL
5 (99.39%) 33 votes
A simple guy and a Joomla! enthusiast - author at Joomguide.


  1. Up until now, I didn’t know that AdminExile existed. In fact, it’s never really crossed my mind to change the default admin url but on one of my Joomla sites, I had to tell my users that it’s built on Joomla and as such, I can’t afford to let them have access to the admin section. I recently read of a way to create a custom url using .htaccess file. CAn you verify the code?

  2. You really make it seem so easy together with your presentation however I to find this matter
    to be actually one thing that I feel I might never understand.
    It kind of feels too complicated and very wide for me.
    I’m taking a look forward to your next post, I will try to get
    the cling of it!