Hi discourse,
This question may have been asked, but I cannot find an answer with the keyword ‘admin-login’. My question is: how can I disable user access to, for example, https://forums.example.com/u/admin-login?
So why would you want to disable admin access?
Exactly that.
If you ever get ‘locked out’ by read-only mode or a misbehaving SSO, the admin login comes in quite handy.
Initially I set user@example.com as admin. Then I connected basic_auth. So I want to log in myself only through basic_auth. The same goes for end users. This is a risk exposure if users access https://forums.example.com/u/admin-login.
How so? Only forum admins can use that login.
If you want increased security you can add a 2nd factor.
Are you also going to remove the forgot-password path? It has exactly the same security risk as the /u/login.
You could disable /u/admin-login with a plugin, which in the past 10 years, no one has wanted to have developed.
This is the way.
If you are self-hosting, you could also block the route in nginx, etc.
Not recommended, but possible.
Thank you to all who replied to the question. My fault, I thought Discourse had an option to redirect access to /u/admin-login to its homepage. It turns out it is because I’m in a logged-in state, in which users are redirected.
Totally agreed, /u/login is risky if admin-login is.
HA! Yes. That can be confusing. It’s not a magic just-login-whoever-uses-that-url link!