Masking Access to the Control Panel

There may be times when you wish to give some of your users access to your ExpressionEngine Control Panel. ExpressionEngine provides a means for you to allow access to your Control Panel without revealing its location to your users. This provides you with increased security.

To use this feature, follow these simple steps.

Copy admin.php and path.php

Look in your system/utilities/ directory and you will find a file named admin.php. Copy this file and place it wherever you would like access to be granted. That file is the file users will load in order to access the Control Panel. If you would like users to access your Control Panel via then place the file in your main directory.

If you want, you may rename the admin.php file to another name.

Further, you must place a copy of the main site path.php file into the same directory. If you are placing your admin.php file in a subdirectory, then make a copy of your main site directory path.php file.

Edit path.php

Once you've copied the files, you must ensure that path.php has the correct setting inside it.


You must ensure that the $system_path variable is set correctly within the file. The variable should contain a relative path from the current directory (in which the path.php file resides) to your site's system directory. For instance:

$system_path = "../system/";

You're Done!

Your users can now access your Control Panel via your new admin.php file without ever knowing where your backend files are actually located.