One of my biggest pet peeves is that largely popular content management systems like WordPress have the same URL to access the admin portal of any website. If you're a malicious person and you know that a site is on WordPress, you could hit website.com/wp-admin and have the opportunity to hack into that site.
Changing the admin route:
I'm a huge believer in Craft CMS as an alternative, which lets you change the admin route without the use of any third-party plugins. For instance, instead of hitting /admin (the default route), you could change it to /manage or /secret-portal or something to make it less obvious to find.
I've recently embraced the JAMstack, which separates my front-end from my backend through the use of APIs and a static site generator. This means that there is no backend available to the public to try to get into my site to do something nasty. However, that doesn't mean that people still won't try.
Redirecting hackers with bad intentions:
I've hosted my new site on Netlify, a platform to host static assets. Netlify allows you to set up redirects by adding a _redirects file to your repo, instead of managing redirects in an .htaccess file or Apache config. I thought I'd get a little saucy and forward anyone trying to negatively impact my site to where they belong 😈.
Below is my _redirects file if you'd like to give that a go as your starter. Anyone trying to hit any of the routes on the left will be sent to the URL on the right. You can probably guess what YouTube video that is...
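As an added illustration (not the author's file and not Netlify's code), the sketch below parses a constructed _redirects sample and reports which probe paths no rule covers, so gaps show up before deploy. The decoy URL, the sample rules, the probe list and the simplified matcher (exact paths plus a trailing /* splat, first match wins) are all assumptions.

```javascript
// Constructed sample _redirects content (NOT the author's file).
// Line format: <from> <to> [status]; lines starting with '#' are comments.
// https://example.com/decoy is a placeholder target.
const SAMPLE_REDIRECTS = `
# send admin-panel probes to a decoy page
/wp-admin/*     https://example.com/decoy  302
/wp-login.php   https://example.com/decoy  302
/administrator  https://example.com/decoy  302
/admin          https://example.com/decoy
`;

// Constructed list of paths to check against the rules.
const PROBES = ["/wp-admin", "/wp-admin/install.php", "/wp-login.php",
                "/administrator/", "/admin", "/user/login"];

// Parse rules in file order; the status defaults to 301 when omitted.
function parseRedirects(text) {
  return text.split("\n")
    .map((line) => line.trim())
    .filter((line) => line && !line.startsWith("#"))
    .map((line) => {
      const [from, to, status = "301"] = line.split(/\s+/);
      return { from, to, status: parseInt(status, 10) };
    });
}

// Simplified matcher (assumption): exact path or trailing "/*" splat,
// with a trailing slash on the requested path ignored.
function matches(from, path) {
  const norm = (p) => (p.length > 1 ? p.replace(/\/+$/, "") : p);
  if (from.endsWith("/*")) {
    const base = from.slice(0, -2);
    return norm(path) === base || path.startsWith(base + "/");
  }
  return norm(from) === norm(path);
}

// Rules are evaluated top to bottom; the first match wins.
function resolve(rules, path) {
  return rules.find((rule) => matches(rule.from, path)) || null;
}

// Probe paths that would fall through to a plain 404.
function uncovered(rules, probes) {
  return probes.filter((p) => resolve(rules, p) === null);
}

console.log("Not covered:", uncovered(parseRedirects(SAMPLE_REDIRECTS), PROBES));
```

The matcher is a model of the rule format, so confirm the real behaviour by requesting each path against a deploy preview.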
Are there any common admin URLs that I've missed that I should add to the list? Do you have a web project where you're worried about security and could use some help? Feel free to hit me up, I'd love to hear from you ;).