Suppose I have index.php and admin.php.
If there is no link to admin.php inside index.php, is there a way to know that the page admin.php exist , other by trying to type it in the browser ? (Because, when you don't have a index.php, and if you don't disable Index in .htacess. One can see all pages on server...)
If no, it means it's better to rename my admin page with a complex string (for example a 64 alpha numeric string) instead of "admin.php" so that someone who tried admin.php, will have a 404 instead of my admin page ? Someone trying to brute force will have to first find the admin page, and then hack the password ?