How do you change the WordPress admin login URL? You should ensure that your login page is not accessible to hackers or malicious attackers to prevent them from accessing your website’s admin page and messing things up.
Even though using a strong, unique long password can prove advantageous in preventing unauthorized access to your site, there is never enough that can be done to ensure that your site is secure.
You can prevent bad guys from accessing your WordPress account by moving the login page to a new unique URL.
Changing the login URL would be beneficial when it comes to fighting random attacks, hackers, and brute-force attacks on your WordPress site.
This article will explain why you need to change your WordPress login URL, what WordPress admin URLs you have to change, and how to change the WordPress login page with three methods.
Why do You need to Change Your WordPress Login URL?
WordPress CMS is among the most popular content management systems. Because of that, it is also one of the most popular among hackers.
Furthermore, anyone can access your WordPress login page by adding the “
wp-admin” or “
wp-login.php” to your website’s address. Consequently, hackers can conduct attacks primarily through your login URL.
A custom login URL is one of the simplest and most effective ways to prevent hackers from accessing your WordPress site.
Doing so can protect your login page from malicious activity and ensure that only people you trust are granted access.
What WordPress Admin URLs do You Have to Change?
It is possible to log in directly to WordPress by entering the URL
/wp-login.php or typing
/wp-admin/. It will redirect you there if you are not currently logged in.
There are three types of WordPress URLs you have to change:
/wp-login.php to /login/ /wp-admin/ to /admin/ /wp-login.php?action=register to /register/
It would be best if you changed your login URL. This refers to the URLs used to log in, register, and administer your account.
How to Change the WordPress Login Page (3 Methods)?
Hackers and malicious attackers may access your website’s admin page if your login page is accessible to them. Changing your login URL prevents them from logging into your WordPress account.
It is possible to change the URL for the WordPress admin page and to customize the login page manually using the following step-by-step instructions or by using plugins specifically designed to customize the login page for WordPress or plugins for customizing WordPress dashboard.
This section will present three methods to change the WordPress login URL:
Method 1: Change Your WordPress Login Page with a Plugin
There are several ways to change your WordPress login URL page, the most common and easiest one being to use a free plugin such as WPS Hide Login.
It is very lightweight, and, more importantly, it does not modify any core files or add any rewrite rules to the website.
In addition to intercepting requests, it’s also compatible with BuddyPress, bbPress, Limit Login Attempts, and User Switching plugins.
Follow these steps to use this plugin:
- Install and activate the plugin.
- Go to Settings and click on WPS Hide Login.
- Add the new Login URL in the Login URL field.
- Add the redirect URL in the Redirection URL . It will be triggered if someone attempts to access the standard
wp-login.phppage and the
wp-admindirectory without logging into the site.
- Click on the Save Changes button.
Method 2: Change Your WordPress Login Page Editing Your
Other technical ways to change or hide the WordPress login page URL include editing your
In typical cPanel installations, the
.htaccess file defines rules and establishes system-wide settings. There are two ways that
.htaccess can be used to hide the login page.
The first way to change your WordPress login page by editing your
.htaccess file involves protecting your login page with
.htpasswd so that anyone accessing the page must enter a password.
Secondly, you can make your login page available only to IP addresses from a list of trusted addresses.
Method 3: Change the WordPress Login URL Without a Plugin
A variation of the
wp-login.php file can be used to change the WordPress login URL. It is highly recommended that you use a text editor to follow this process since you will make changes to a WordPress core file.
In addition, you may disable automatic updates to the WordPress core to prevent the original
wp-login.php file from being reinstalled without your knowledge.
So, follow these steps to change the login URL using the
- Have a Backup of
Since you will be modifying the
wp-login.php file, it is essential to have a backup to undo any changes made, particularly if you have previously modified the file.
WordPress installations include a file called
wp-login.php at the top of the directory. The latest version of WordPress will provide you with the easiest way to access
wp-login.php if you have never altered it.
It is also possible to download older WordPress versions if the latest WordPress version is not used on your website.
- Rename the
You should rename the original wp-login.php file once you have created a backup. It will be registered with WordPress as a new file name with the help of a WordPress hook later on.
The file can be renamed to any name of your choice. Many WordPress users rename their login files with the same name they use for their login URL. Still, it is essential to note they do not necessarily have to match.
- Replace all references of
You can replace all references to wp-login with a new login URL using the Find and Replace feature. The Find & Replace feature is available in all text editors and IDEs.
Follow these steps to do it in Visual Studio:
a. Go to the Find and Replace option under the Edit tab.
wp-login in the Find field.
c. Enter your new URL path in the Replace field.
d. Click on the Replace All button.
After clicking on this button, you should see a confirmation that the search and replace process has been completed.
e. Save the changes before exiting the editor.
- Upload the new WordPress login file.
It is now necessary for you to upload your new WordPress login file to your website. The easiest way to do this is to use an FTP client or a file manager available through your hosting control panel.
- Change its file permissions to 644 or 640 when the new login file has been uploaded.
Note: The failure to perform this step will prevent you from accessing the login page in the future.
- Add Logout & Lost Password filter hooks to
wp-login.php file is used by default by WordPress to log out users. The result is that even if the file you are using to log into your website changes, WordPress will still attempt to log you out of your website using the
To resolve this issue, you should use the
logout_url filter hook, which allows you to change the URL users are directed to when logging out.
lostpassword_url can be used to verify that the lost password URL displayed on the WordPress login form is accurate.
In order to implement these hooks, you must copy and paste the following code into the
functions.php file of your theme:
// Filter & Function to rename the WordPress logout URL add_filter( 'logout_url', 'betterstudio_logout_page', 10, 2 ); function betterstudio_logout_page( $logout_url) return home_url( '/my-secret-login.php'); // The name of your new login file // Filter & Function to rename Lost Password URL add_filter( 'lostpassword_url', 'betterstudio_lost_password_page', 10, 2 ); function betterstudio_lost_password_page( $lostpassword_url ) return home_url( '/my-secret-login.php?action=lostpassword'); // The name of your new login file
By using this code, users will be logged out correctly and directed to the new login page.
Note: You must change my-secret-login to the login path you are using.
Typically, WordPress themes contain a
functions.php file located at the top. Even though you can edit themes within the WordPress admin area, you must disable this feature to ensure security.
functions.php file can be updated offline and then updated using FTP or a file manager.
A practical alternative is to use a snippets plugin such as Code Snippets, which automatically inserts the code you enter into any theme.
- Test the new Login URL.
If all steps were followed correctly, you should be able to log in to your new login URL now. As a result, you should be redirected to your new login URL once logged out. Before proceeding to the next step, it is recommended that you test this.
- Delete the old
wp-loginfile from your website.
Once you have confirmed that your new login URL works correctly, delete the original
wp-login.php file from your website via FTP or a file management application.
This way, you will ensure that anyone trying to access your website from the old login URL cannot do so.
wp-login.php redirect users to the WordPress admin area to log in. Anyone attempting to access
wp-login.php should see a 404 error message.
You may be able to use the
login_url filter hook if you are not trying to hide the location of your WordPress login URL but simply wish to change its name.
login_url filter hook changes the login file that users are redirected to during login and the URL that users are redirected to during access to
Consequently, if you use the
login_url filter hook in combination with the
login.php file, anyone accessing
/wp-admin/ will be redirected to your new login page automatically.
By redirecting users to the new login file, you defeat the purpose of hiding the
wp-login.php file from a security point of view.
Although there are several ways to resolve this issue, the method demonstrated above is more straightforward.
WordPress Login URL Frequently Asked Questions
This section will answer frequently asked questions on the topic to help you out:
Although WordPress does not permit you to change the login URL by default, you can automate the process by editing the files, adding hooks, using
.htaccess, or by using a WordPress security plugin.
It would be best to record your new login URL somewhere safe when you receive it. If you need to remember the URL, you can retrieve it easily.
You will need to check the leading WordPress directory for the new file name or refer to your amended
.htaccess file for the new file name.
You can temporarily deactivate the plugin you have used to change WP login URL by renaming its associated plugin directory.
Using this method will reset the login URL until it is activated again. You may also refer to your WordPress database because plugins typically save the new login URLs.
Compared to other security measures, such as disabling XML-RPC, changing the WordPress login URL does not provide the same protection as preventing attacks and unauthorized access to the website.
In many cases, changing the WordPress login URL is a pointless endeavor. However, taking this extra step may prove worthwhile for others if it slows down would-be attackers.
This article has explained why you need to change your WordPress login URL, what WordPress admin URLs you have to change, and how to change the WordPress login page with three methods.
Our sincere pleasure that you have taken the time to read this article. If you have any questions or comments, please leave them in the comments section.