Retired Documentation:  You are using the documentation for version 1.7.3 which was retired in 2013. Go here for the latest version documentation or check here for your available upgrades to the latest version.

Masking Access to the Control Panel

There may be times when you wish to give some of your users access to your ExpressionEngine Control Panel without revealing the location of your backend ExpressionEngine files for security reasons.

To use this feature, follow these steps.

Copy admin.php

Look in your system/utilities/ folder and you will find a file named admin.php.

This is the file people will use to access the Control Panel, so copy it and place it wherever you would like access to be granted.

For example, if you would like users to access your Control Panel via then place the file in your main directory.

If you want, you may rename the admin.php file to another name.

Important: A copy of the main site path.php file must be in the same folder that you place the admin.php file. If you are placing your admin.php file in a subdirectory, then make a copy of your path.php file and place it there.

Edit path.php

If you are using a copy of the path.php file in a sub-folder you will need to edit the file so that it has the correct setting inside it.


You must ensure that the $system_path variable is set correctly within the file. The variable should contain a relative path from the current directory (in which the path.php file resides) to your site's system directory. For instance:

$system_path = "../system/";

$site_name (Multiple Site Manager only)

If you are running the Multiple Site Manager and are using this technique to setup a Site specific Control Panel login, you need to add the $site_name variable to your path.php file.

$site_name = 'Site_Short_Name';

This will tell ExpressionEngine which Site's Control Panel to login to.

$cp_url (optional)

If you run your control panel from both the system folder and a masked access file, or multiple Sites with masked access with the Multiple Site Manager, you can add this variable to your path.php file to ensure that all links created in the control panel for the logged in user are consistent.

$cp_url = '';

You're Done!

Your users can now access your Control Panel via your new admin.php file without ever knowing where your backend files are actually located.

Top of Page