Prestashop Admin : How to access the prestashop backoffice?

prestashop migration
11Jul
prestashop

Prestashop is one of the world’s most popular solutions for building online stores.
One of its great strengths is its backoffice management interface.
Prestashop’s backoffice allows you to manage all the functionalities of your online store: products, prices, inventory, customers, sales… The backoffice allows you to do everything on the store and to access sensitive data, such as customers’ personal data or payment information.
It is therefore imperative that no-one has access to it, and that the Prestashop backoffice is perfectly secure.
Let’s take a look at how the Prestashop backoffice is secured and how to access it. prestashop admin

Prestashop backoffice access

Default login URL

The Prestashop backoffice is accessible via a dedicated URL.
By default, after Prestashop has been installed, it takes the form“https://<your.domain.name>/admin”.
The advantage of this URL is that it’s easy to remember.
The disadvantage is that anyone can find it, including people with malicious intent.
For obvious security reasons, we strongly advise you to change the URL used to access the Prestashop back office.
A simple way to do this is to change the name of the “admin” directory on the server.

Connection interface

The Prestashop backend login page displays a form allowing you to enter your administrator login and password.
This information is defined during Prestashop installation and configuration.
However, other users with administrative rights may be created at a later date.
Once you’ve entered your username and password correctly, you can log in.

Common problems

Password forgotten

If you have forgotten your password, a link on the login page will allow you to reset it.
After confirmation, you’ll be able to set a new password and log back in to the Prestashop backoffice.

Access blocked

Depending on Prestashop’s configuration, a user’s access may be temporarily blocked after several unsuccessful authentication attempts.
In the case of a temporary block, it’s usually sufficient to wait a while before trying again.
Otherwise, you’ll need to contact another Prestashop site administrator or a system administrator so that they can reset the password and reactivate the user account.

Page not found

If the backoffice login page has been renamed for security reasons, you may receive a 404 error (page not found).
In this case, make sure you use the correct URL to display the login page.  

Secure access to the Prestashop backoffice

Rename “admin” folder

By renaming the “admin” folder on the Prestashop site, you change the URL of the Prestashop backoffice login page.
The new directory name must be simple enough to be easily remembered and different enough from “admin” not to be easily or mistakenly discovered.

Using an HTTPS connection

The use of an HTTPS (HTTP Secure) connection has become a web standard.
HTTPS enables secure data transmission between the user’s browser and the web server.
All data exchanged is encrypted and therefore cannot be intercepted.
Setting up an HTTPS connection requires the use of an SSL certificate.
This can easily be obtained from your web host.
There are also free services, such as “Let’s Encrypt“, which can generate SSL certificates.

Restrict backoffice access

Access to the backoffice connection URL can also be restricted.
The “.htaccess” file or a firewall can be used to authorize only certain IP addresses to connect to the Prestashop backoffice URL.
This way, only certain computers will be able to access the backoffice.

Using two-factor authentication

Prestashop site security can be enhanced by implementing a two-factor authentication system.
During user authentication, an additional code is generated by an authentication application and sent to the user’s registered cell phone number.
This security code must be entered in addition to the user ID and password in order to access the Prestashop backoffice.

Modules for enhanced safety

There are a large number of modules available for Prestashop to reinforce backoffice access security.
The choice of adding a security module will depend above all on your site and what you want to do with it.
One example is “Google Two-Factor Authenticator For Back Office Security“.
This module adds two-factor authentication.
Users wishing to connect to the back office must enter a code generated by Google Authentifcator and sent to their phone, in addition to their login and password.

To conclude on Prestashop admin backoffice access

Access to the Prestashop backoffice is essential if you want to manage your online store.
However, as the backoffice gives access to the entire site, its configuration and all sensitive information stored in the database, it must be perfectly secure.
Don’t hesitate to contact me if you’d like to secure access to your Prestashop store’s backoffice.
As an experienced Prestashop developer, I’m perfectly qualified to help you secure and optimize your Prestashop backoffice.

Grégory CHARTIER

Expert Prestashop

permission prestashop
10 August 2025 prestashop
Understanding and mastering Permissions in Prestashop

Find out how Prestashop permissions work... It's a technical subject, but also a strategic one. And why? Because...

redirection prestashop
8 May 2025 prestashop
PrestaShop redirections: Setting up a 301 or 302 in Prestashop

Discover everything there is to know about redirects, with concrete examples, methods, tested and approved modules...

template prestashop
15 April 2025 prestashop
Template PrestaShop: 7 sites to find templates

Discover the best sites to find PrestaShop templates, my experience, my advice and concrete examples to help you...