
1 Nov 22, 2007 20:04    

My b2evolution Version: Not Entered

How can I rename admin.php and still have it function? At the moment for security purposes I remove admin.php from the b2evo root folder and store it elsewhere on the server when I am not using it, but I may be going away for a while and wish to update my blog remotely. I realise that it might be thought that I am being somewhat obsessive about security but I really do think that being able to use something other than the default name for this vital file would add a valuable extra layer of protection against script-kiddies/hackers etc. I note that when I simply rename the file I can access the initial dashboard screen but cannot access any of the other tabs. What do I need to alter in order to be able to achieve this?

Best Regards CS

2 Nov 23, 2007 07:26

"it might be thought that I am being somewhat obsessive about security"

I might agree with that! ;)

We've been running b2evo for nearly 3 years, without an incident of hacking into the back-office.

We concentrate on choosing a good login-name and password combination, then hiding the login form from "view" (not view source). Mind you, it wouldn't stop kiddie-scripters from hitting the file directly, but the built-in security measures have been enough to stop anyone from getting in.

We do back up our database, nightly, so that IF there was a break-in, we could always restore to the day/night before.

I say, "relax ... the developers provide excellent security, which is built-into the program".

(Didn't want to leave you without a response, but I personally don't know what all would need to be changed to effect an admin.php file move. I do know that it would involve hacking the core files, most likely, which would then be something you'd have to investigate and re-do, at each upgrade, which isn't fun).

Good luck. Maybe someone else knows more?

3 Nov 23, 2007 20:01

Thanks for the advice and the reassurance. It struck me that I can continue moving admin.php out of the root folder remotely via ssh. Always assuming that I wish to continue to indulge my obsession with security of course. As for hacking the core files and repeating the exercise every time there is an upgrade....I'll pass. Once again thanks for responding.

