Wednesday 17 August 2011

How to disable / remove Secret Key from Admin URL in Magento?


A new secret key is created every time you log in to Magento Admin, so each admin login session has its own unique key (32 chars long). This key is appended to the admin URL as http://your-admin-url/key/743c37b1…adf6588/


This was added for security reasons. In their release notes, Magento says that the secret key was added to URLs for CSRF (Cross-Site Request Forgery) attack prevention.


Sometimes you may want to access the admin URL without the secret key. For this, you can disable the secret key in the admin URL. Keep in mind that doing so also turns off the CSRF protection the key provides.

Here is how you do it:

- Log in to admin
- Go to System -> Configuration -> ADVANCED -> Admin -> Security -> Add Secret Key to URLs
- Select No
- Save Config

You are done. You will not see the secret key in the admin URL from now on.

Hope this helps.

Magento: How to change Admin URL Path?

Here is a quick guide on how to change the admin URL path in Magento. This is done for security reasons, as a guard against hacking/cracking attempts: the idea is to keep general users from reaching the admin page.

By default, 'admin' is the administrator path for Magento, so the admin URL will be http://www.example.com/admin/

This article shows how you can change the admin URL, let's say from 'admin' to 'backend', so that the new admin URL will be http://www.example.com/backend/

Here is how we do it:

- Open app/etc/local.xml
- Find the following:

<admin>
 <routers>
  <adminhtml>
   <args>
     <frontName><![CDATA[admin]]></frontName>
   </args>
  </adminhtml>
 </routers>
</admin>

- Change

<frontName><![CDATA[admin]]></frontName>

to your desired name, like below:

<frontName><![CDATA[backend]]></frontName>

- Save the file
- Refresh the Cache from Magento Admin (System -> Cache Management)

Now, you should be able to access admin panel from http://www.example.com/backend/ instead of http://www.example.com/admin/
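To confirm the change on one or more installs, the check below reads the contents of local.xml and reports which admin path is configured. It is an added example, not part of the original post and not Magento code; the function names, the list of guessable names and the `<config>` wrapper around the sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed list of names an outsider would try first (assumption, extend as
# needed). 'backend' is included because it is the value used in this article.
GUESSABLE = {"administrator", "backend", "manage", "panel", "cms"}

def admin_front_name(xml_text):
    """Return the adminhtml frontName found in local.xml content, or None."""
    root = ET.fromstring(xml_text)
    # iter() also yields the root, so a bare <admin> fragment works too.
    for admin in root.iter("admin"):
        node = admin.find("routers/adminhtml/args/frontName")
        if node is not None and node.text and node.text.strip():
            return node.text.strip()  # CDATA arrives as plain text
    return None

def audit(xml_text):
    """Classify the admin path as 'default', 'guessable' or 'custom'."""
    # Assumption: when local.xml sets no frontName, the stock 'admin' applies.
    name = admin_front_name(xml_text) or "admin"
    if name.lower() == "admin":
        return name, "default"
    if name.lower() in GUESSABLE:
        return name, "guessable"
    return name, "custom"

# Constructed sample shaped like the fragment shown above.
SAMPLE_LOCAL_XML = """<config>
 <admin>
  <routers>
   <adminhtml>
    <args>
     <frontName><![CDATA[admin]]></frontName>
    </args>
   </adminhtml>
  </routers>
 </admin>
</config>"""

if __name__ == "__main__":
    name, verdict = audit(SAMPLE_LOCAL_XML)
    print("admin path: /%s/ (%s)" % (name, verdict))
```

To check a real install, pass the contents of app/etc/local.xml to `audit()` instead of the sample.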

Magento: Disable Admin Notification Popup

Every time you log in to the Magento Admin panel, by default you will encounter a notification popup message. If you do not want the popup to appear when you log in to Admin, simply do the following:

- Log in to admin panel
- Go to System -> Configuration -> Advanced
- Disable the Mage_AdminNotification module.

You are done :)