I have a website made in PHP, MySQL and stuff. I am using URL rewrites in my website, so an administrator needs to go to http://{website}.com/admin/ and enter his/her username and password there to get to the control panel where he/she updates most of the website, including language files, etc.
Now I’m wondering in what way I should let this website’s administrators access http://{website}.com/admin.
Should they really go to that link? /admin? Because I have heard this is not the most recommended way and I think most of today’s websites manage to do this in a different way? Some specially created desktop app? Other?
Please let me know what is really the most recommended way to do this.
It is not recommended because it is the most obvious. Still, if your security is there, it is rather irrelevant what URL it would be. By not using /admin (but instead i.e. /a32mTT) you filter out some automated attempts, but that’s mostly it. I’d not consider this “security” at all. On the other hand, your users/admins may find memorizing /a32mTT instead of /admin problematic. And finally, if your security sucks, then once your URL leaks you might get toasted quickly, so focus on real security first 🙂
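
The point made in the answer above, as an added example that is not part of the original posts: a PHP front-controller gate that gives the same decision whether the admin prefix is /admin or /a32mTT, because access depends on an authenticated session and a throttled login rather than on the URL. The names `ADMIN_PREFIX`, `admin_gate()`, `try_login()`, the limits and the sample account are assumptions made for illustration.

```php
<?php
// Added example, not from the original posts. ADMIN_PREFIX, admin_gate(),
// try_login() and the sample account are assumptions for illustration. PHP 8+.
declare(strict_types=1);
const ADMIN_PREFIX = '/admin';  // could equally be '/a32mTT'; the gate does not care
const MAX_FAILURES = 5;         // failed logins tolerated per account per window
const WINDOW_SECS  = 900;       // length of that window in seconds

/** Route decision for one request: [HTTP status, action]. */
function admin_gate(string $path, array $session): array
{
    if ($path !== ADMIN_PREFIX && !str_starts_with($path, ADMIN_PREFIX . '/')) {
        return [200, 'public'];
    }
    if ($path === ADMIN_PREFIX . '/login') {
        return [200, 'login-form'];
    }
    // Every other admin path needs an authenticated session, whatever the prefix is.
    return ($session['is_admin'] ?? false) === true
        ? [200, 'control-panel']
        : [302, 'redirect-to-login'];
}

/** Throttled credential check; $failures maps username => failure timestamps. */
function try_login(string $user, string $pass, array $users, array &$failures, int $now): bool
{
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $recent = array_filter($failures[$user] ?? [], fn(int $t): bool => $now - $t < WINDOW_SECS);
    if (count($recent) >= MAX_FAILURES) {
        return false;            // throttled: the password is not even checked
    }
    // Unknown users are verified against a dummy hash so both cases cost the same.
    $ok = password_verify($pass, $users[$user] ?? $dummy) && isset($users[$user]);
    if (!$ok) { $recent[] = $now; }
    $failures[$user] = array_values($recent);
    return $ok;
}

// Constructed sample account and empty state.
$users = ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];
$failures = $session = [];
foreach (['/admin', '/admin/languages', '/admin/login', '/news'] as $path) {
    [$status, $action] = admin_gate($path, $session);
    echo "$path (anonymous) -> $status $action\n";
}
if (try_login('alice', 'correct horse battery staple', $users, $failures, time())) {
    $session['is_admin'] = true;   // real handler: session_regenerate_id(true) first
}
echo '/admin/languages (logged in) -> ' . implode(' ', admin_gate('/admin/languages', $session)) . "\n";
```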