Unless the administrator account has been compromised (at which time you're already screwed), there's nothing that can really go wrong other than brute force, and to be quite honest, there's not much brute-forcing does against secure passes.
The only good thing when you have an /admin/ folder is that you can change its name before the install, and no one can guess how the folder is named if he is not an admin or... a hacker.
The only good thing when you have an /admin/ folder is that you can change its name before the install, and no one can guess how the folder is named if he is not an admin or... a hacker.
Changing the name doesn't do much, and while it's not quite obfuscation, by the time a real hacker is actually going for your ACP, they've most likely gotten your credentials.
The only good thing when you have an /admin/ folder is that you can change its name before the install, and no one can guess how the folder is named if he is not an admin or... a hacker.
It doesn't change anything if your account is compromised. It's no different if a hacker tries to get into your ACP directly, or just tries to log into your account on the front end, logs in and then simply clicks the link to the ACP; the end result is the same.
That's why it's recommended you also add a .htaccess file to add another username/password combination to the ACP, should the scenario above happen.
I think people are under the impression that it's a standard to have the admincp in a directory by itself, which it really isn't. As long as you can protect the file admin.php then it's safe.
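The two layouts discussed in the replies above, a separate ACP directory and a single admin.php file, can each get the second username/password with HTTP Basic authentication. This is an added example, not posted by anyone in the thread; it assumes Apache 2.4 with `AllowOverride AuthConfig`, and the file paths and the user name `acpuser` are placeholders.

```apache
# Added example, not from the thread. Assumes Apache 2.4 with mod_auth_basic
# and mod_authn_file loaded, and AllowOverride AuthConfig for these directories.
# /home/example/.htpasswd-acp is a placeholder path: keep the credential file
# outside the web root so it can never be served as a download.
#
# Create the credential file once (bcrypt hash, prompts for the password):
#   htpasswd -c -B /home/example/.htpasswd-acp acpuser
#
# Basic auth sends the password base64-encoded on every request, so serve
# the ACP over HTTPS only.

# ---- File 1: <acp-directory>/.htaccess ----
# Use when the ACP lives in its own directory (renamed or not). Every request
# under that directory needs the second credential before the forum's own
# login page is even reached.
AuthType Basic
AuthName "ACP"
AuthUserFile "/home/example/.htpasswd-acp"
Require valid-user

# ---- File 2: <forum-root>/.htaccess ----
# Use instead of File 1 when the ACP is a single admin.php in the forum root.
# The <Files> block limits the extra login to that one script, leaving the
# rest of the forum public.
<Files "admin.php">
    AuthType Basic
    AuthName "ACP"
    AuthUserFile "/home/example/.htpasswd-acp"
    Require valid-user
</Files>
```

Use a password here that differs from the forum administrator password; otherwise a compromised forum account also gets through this layer.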