How to hide or make Ghost Admin Login URL Secret

By Saruque Ahamed Mollick

In this article, I will show you how to make your Ghost Admin Login URL secret. The default login URL is something like domain.com/ghost which is pretty much revealing. Thus I think that I should share how we can change the URL to something else.

There are multiple ways of doing this.

But again I will suggest you that if you are not a tech guy kindly do not try these on your live server.

Why Change the Admin URL?

Before diving into the nitty-gritty, let’s quickly chat about why you might want to change the admin URL in the first place. By default, Ghost uses /ghost as the admin URL. This is handy for users, but it also reveals that your site is powered by Ghost and provides a direct path to the login page. If you’re looking to add an extra layer of security and hide the fact that you’re using Ghost, changing the admin URL can be a smart move.

Method 1: The Reverse Proxy Magic ( I have shown Nginx web server)

Alright, this one’s a bit techy, but bear with me – it’s worth it! A reverse proxy is like a bouncer for your website. It can help you route incoming requests to different locations behind the scenes. Here’s how you can set it up using a web server like Nginx:

  1. Install Nginx: If you haven’t already, get Nginx up and running on your server.
  2. Configuration Time: Open up the Nginx config file  ( file name should be nginx.conf )and add something like this:

location /mysecretadminurl {
proxy_pass https://yourdomain.com/ghost;
}

What this does is route requests to https://yourdomain.com/mysecretadminurl to the actual Ghost admin URL.

Restart Nginx: After saving your changes, don’t forget to restart Nginx to apply the new configuration.

Voilà! Now your admin login page can be accessed via https://yourdomain.com/mysecretadminurl, while the true Ghost admin URL remains hidden behind the scenes.

Custom code to change the Admin Login URL

Let’s follow the below steps:

Step 1: Access Your Ghost Site’s Files

  1. Choose Your Entryway (FTP or SSH) : To start, either connect to your server using FTP (if you’re more of a file-moving wizard) or SSH (if you prefer the command-line magic). Both roads lead to the heart of your Ghost site’s files.

Step 2: Locate the Routes Configuration File

  1. Seek the Map: Now, on your journey through the files, you’ll stumble upon the mysterious routes.yaml file. This enigmatic scroll holds the keys to your Ghost site’s URL routing.

Step 3: Modify the Admin URL

  1. Open the Scroll: Crack open the routes.yaml file in your trusty text editor.
  2. Spy the Admin Trail: Look closely for the section that conjures up the admin route. It might look a little like this:

routes:
/ghost/: 'https://yourdomain.com/ghost/'

Envision a New Path: It’s time to weave a new tale. Alter the /ghost/ bit to match your secret plan. For example, if you want your spiffy new admin URL to be /mysecretadminurl/, the spell you’d weave looks like this:

routes:
/mysecretadminurl/: 'https://yourdomain.com/ghost/'

Step 4: Seal the Scroll and Share the Magic

  1. Lock in Changes: Secure your changes by saving the modified routes.yaml file.
  2. Upload Your Changes: If you’re the adventurous type who edited the file on your local machine, don’t forget to whisk it back onto the server using FTP or SSH.

Step 5: Summon Ghost’s Magic

  1. Invoke Ghost’s Power: With your changes in place, it’s time to wake up Ghost and let it know who’s boss. Simply chant:
    ghost restart

Repeat this incantation in the Ghost site’s root directory.

And there you have it, my friend! You’ve just transformed your Ghost site’s default admin login URL into a hidden treasure trove. To access it, just take a stroll down your new custom URL path (like https://yourdomain.com/mysecretadminurl/), and you’ll find yourself at the mystical Ghost admin login page.

A quick note before you don your coding cape: Play it safe by keeping backups of your site and testing changes in a safe space. And keep an ear to the ground for any future Ghost updates that might affect your custom touches.

Good luck on your coding quest, and may your admin login URL be forever shrouded in mystery and wonder! 🔮👻

Leave a Reply

Your email address will not be published. Required fields are marked *