According to documentation, to create a secret admin url (custom routing), we are having to change two files viz. custom_routing.php and Trongate_administrators.php.

My question is, why are we having to change in two places? Isn't it redundant? Ideally assigning the string in Trongate_administrators.php should be enough to define the custom routing.

The design should be like below:
1. If the private $secret_login_segment is defined in the Trongate_administrators.php, it should be used in the custom_routing.php automatically.
2. Else, it should use the default route as a fallback.

This removes the redundancy.

In fact, we can go one step further (as an enhancement) to store the admin login custom string with the user-id or token and use that for their login url. That way, we can have a different login url customised for each user for highly secure applications (say Financial apps) controlled with a setting parameter, which could be an additional layer of security where needed.

See this post.
https://trongate.io/help_bar/thread/SFSHhpkNUKZE