How do you change the WordPress admin login URL? You should ensure that your login page is not accessible to hackers or malicious attackers to prevent them from accessing your website’s admin page and messing things up.
Even though using a strong, unique long password can prove advantageous in preventing unauthorized access to your site, there is never enough that can be done to ensure that your site is secure.
You can prevent bad guys from accessing your WordPress account by moving the login page to a new unique URL.
Changing the login URL would be beneficial when it comes to fighting random attacks, hackers, and brute-force attacks on your WordPress site.
This article will explain why you need to change your WordPress login URL, what WordPress admin URLs you have to change, and how to change the WordPress login page with three methods.
Why do You need to Change Your WordPress Login URL?
WordPress CMS is among the most popular content management systems. Because of that, it is also one of the most popular among hackers.
Furthermore, anyone can access your WordPress login page by adding the “wp-admin
” or “wp-login.php
” to your website’s address. Consequently, hackers can conduct attacks primarily through your login URL.
A custom login URL is one of the simplest and most effective ways to prevent hackers from accessing your WordPress site.
Doing so can protect your login page from malicious activity and ensure that only people you trust are granted access.
What WordPress Admin URLs do You Have to Change?
It is possible to log in directly to WordPress by entering the URL /wp-login.php
or typing /wp-admin/
. It will redirect you there if you are not currently logged in.
There are three types of WordPress URLs you have to change:
/wp-login.php to /login/
/wp-admin/ to /admin/
/wp-login.php?action=register to /register/
It would be best if you changed your login URL. This refers to the URLs used to log in, register, and administer your account.
How to Change the WordPress Login Page (3 Methods)?
Hackers and malicious attackers may access your website’s admin page if your login page is accessible to them. Changing your login URL prevents them from logging into your WordPress account.
It is possible to change the URL for the WordPress admin page and to customize the login page manually using the following step-by-step instructions or by using plugins specifically designed to customize the login page for WordPress or plugins for customizing WordPress dashboard.
This section will present three methods to change the WordPress login URL:
Method 1: Change Your WordPress Login Page with a Plugin
There are several ways to change your WordPress login URL page, the most common and easiest one being to use a free plugin such as WPS Hide Login.
It is very lightweight, and, more importantly, it does not modify any core files or add any rewrite rules to the website.
In addition to intercepting requests, it’s also compatible with BuddyPress, bbPress, Limit Login Attempts, and User Switching plugins.
Follow these steps to use this plugin:
- Install and activate the plugin.
- Go to Settings and click on WPS Hide Login.
- Add the new Login URL in the Login URL field.
- Add the redirect URL in the Redirection URL . It will be triggered if someone attempts to access the standard
wp-login.php
page and thewp-admin
directory without logging into the site. - Click on the Save Changes button.
Method 2: Change Your WordPress Login Page Editing Your .htaccess
File
Other technical ways to change or hide the WordPress login page URL include editing your .htaccess
file.
In typical cPanel installations, the .htaccess
file defines rules and establishes system-wide settings. There are two ways that .htaccess
can be used to hide the login page.
The first way to change your WordPress login page by editing your .htaccess
file involves protecting your login page with .htpasswd
so that anyone accessing the page must enter a password.
Secondly, you can make your login page available only to IP addresses from a list of trusted addresses.
Method 3: Change the WordPress Login URL Without a Plugin
A variation of the wp-login.php
file can be used to change the WordPress login URL. It is highly recommended that you use a text editor to follow this process since you will make changes to a WordPress core file.
In addition, you may disable automatic updates to the WordPress core to prevent the original wp-login.php
file from being reinstalled without your knowledge.
So, follow these steps to change the login URL using the wp-login.php
file:
- Have a Backup of
WP-Login.php
.
Since you will be modifying the wp-login.php
file, it is essential to have a backup to undo any changes made, particularly if you have previously modified the file.
WordPress installations include a file called wp-login.php
at the top of the directory. The latest version of WordPress will provide you with the easiest way to access wp-login.php
if you have never altered it.
It is also possible to download older WordPress versions if the latest WordPress version is not used on your website.
- Rename the
WP-Login.php
file.
You should rename the original wp-login.php file once you have created a backup. It will be registered with WordPress as a new file name with the help of a WordPress hook later on.
The file can be renamed to any name of your choice. Many WordPress users rename their login files with the same name they use for their login URL. Still, it is essential to note they do not necessarily have to match.
- Replace all references of
wp-login
.
You can replace all references to wp-login with a new login URL using the Find and Replace feature. The Find & Replace feature is available in all text editors and IDEs.
Follow these steps to do it in Visual Studio:
a. Go to the Find and Replace option under the Edit tab.
b. Enter wp-login
in the Find field.
c. Enter your new URL path in the Replace field.
d. Click on the Replace All button.
After clicking on this button, you should see a confirmation that the search and replace process has been completed.
e. Save the changes before exiting the editor.
- Upload the new WordPress login file.
It is now necessary for you to upload your new WordPress login file to your website. The easiest way to do this is to use an FTP client or a file manager available through your hosting control panel.
- Change its file permissions to 644 or 640 when the new login file has been uploaded.
Note: The failure to perform this step will prevent you from accessing the login page in the future.
- Add Logout & Lost Password filter hooks to
functions.php
.
The wp-login.php
file is used by default by WordPress to log out users. The result is that even if the file you are using to log into your website changes, WordPress will still attempt to log you out of your website using the wp-login.php
file.
To resolve this issue, you should use the logout_url
filter hook, which allows you to change the URL users are directed to when logging out.
Also, the lostpassword_url
can be used to verify that the lost password URL displayed on the WordPress login form is accurate.
In order to implement these hooks, you must copy and paste the following code into the functions.php
file of your theme:
// Filter & Function to rename the WordPress logout URL
add_filter( 'logout_url', 'betterstudio_logout_page', 10, 2 );
function betterstudio_logout_page( $logout_url) {
return home_url( '/my-secret-login.php'); // The name of your new login file
}
// Filter & Function to rename Lost Password URL
add_filter( 'lostpassword_url', 'betterstudio_lost_password_page', 10, 2 );
function betterstudio_lost_password_page( $lostpassword_url ) {
return home_url( '/my-secret-login.php?action=lostpassword'); // The name of your new login file
}
By using this code, users will be logged out correctly and directed to the new login page.
Note: You must change my-secret-login to the login path you are using.
Typically, WordPress themes contain a functions.php
file located at the top. Even though you can edit themes within the WordPress admin area, you must disable this feature to ensure security.
The functions.php
file can be updated offline and then updated using FTP or a file manager.
A practical alternative is to use a snippets plugin such as Code Snippets, which automatically inserts the code you enter into any theme.
- Test the new Login URL.
If all steps were followed correctly, you should be able to log in to your new login URL now. As a result, you should be redirected to your new login URL once logged out. Before proceeding to the next step, it is recommended that you test this.
- Delete the old
wp-login
file from your website.
Once you have confirmed that your new login URL works correctly, delete the original wp-login.php
file from your website via FTP or a file management application.
This way, you will ensure that anyone trying to access your website from the old login URL cannot do so.
/wp-admin/
and wp-login.php
redirect users to the WordPress admin area to log in. Anyone attempting to access /wp-admin/
or wp-login.php
should see a 404 error message.
You may be able to use the login_url
filter hook if you are not trying to hide the location of your WordPress login URL but simply wish to change its name.
The login_url
filter hook changes the login file that users are redirected to during login and the URL that users are redirected to during access to /wp-admin/
.
Consequently, if you use the login_url
filter hook in combination with the login.php
file, anyone accessing /wp-admin/
will be redirected to your new login page automatically.
By redirecting users to the new login file, you defeat the purpose of hiding the wp-login.php
file from a security point of view.
Although there are several ways to resolve this issue, the method demonstrated above is more straightforward.
WordPress Login URL Frequently Asked Questions
This section will answer frequently asked questions on the topic to help you out:
Although WordPress does not permit you to change the login URL by default, you can automate the process by editing the files, adding hooks, using .htaccess
, or by using a WordPress security plugin.
It would be best to record your new login URL somewhere safe when you receive it. If you need to remember the URL, you can retrieve it easily.
You will need to check the leading WordPress directory for the new file name or refer to your amended .htaccess
file for the new file name.
You can temporarily deactivate the plugin you have used to change WP login URL by renaming its associated plugin directory.
Using this method will reset the login URL until it is activated again. You may also refer to your WordPress database because plugins typically save the new login URLs.
Compared to other security measures, such as disabling XML-RPC, changing the WordPress login URL does not provide the same protection as preventing attacks and unauthorized access to the website.
In many cases, changing the WordPress login URL is a pointless endeavor. However, taking this extra step may prove worthwhile for others if it slows down would-be attackers.
Conclusion
This article has explained why you need to change your WordPress login URL, what WordPress admin URLs you have to change, and how to change the WordPress login page with three methods.
Our sincere pleasure that you have taken the time to read this article. If you have any questions or comments, please leave them in the comments section.
Our Facebook and Twitter pages are regularly updated with new content, so please remember to follow us so you will stay informed.