How to Change the WordPress Login URL for Better Security
How to Change the WordPress Login URL for Better Security
Changing the default WordPress login page URL (from wp-admin or wp-login.php to a custom URL) is a common security practice to protect your site from brute force attacks and unauthorized access. Below is a step-by-step guide to help you change the WordPress admin login page URL.
Method 1: Using a Plugin (Easiest)
The easiest way to change the WordPress login URL is by using a plugin. Here’s how:
1. Install and Activate the “WPS Hide Login” Plugin
- Go to your WordPress dashboard.
- Navigate to Plugins > Add New.
- Search for “WPS Hide Login”.
- Click Install Now and then Activate.
2. Configure the Plugin
- After activation, go to Settings > WPS Hide Login.
- Enter your desired login URL in the “Login URL” field (e.g.,
my-secret-login). - Save the changes.
3. Test the New Login URL
- Access your new login URL (e.g.,
https://yourwebsite.com/my-secret-login). - The default
wp-adminandwp-login.phpURLs will no longer work.
Method 2: Manually Change the Login URL (Without a Plugin)
If you prefer not to use a plugin, you can manually change the login URL by editing your theme’s functions.php file.
1. Add Code to functions.php
- Go to your WordPress dashboard.
- Navigate to Appearance > Theme Editor.
- Select the
functions.phpfile from the list on the right. - Add the following code at the bottom of the file:
function custom_login_url() {
return home_url('/my-secret-login'); // Change 'my-secret-login' to your desired URL
}
add_filter('login_url', 'custom_login_url', 10, 3);
function redirect_default_login() {
if (strpos($_SERVER['REQUEST_URI'], 'wp-login.php') !== false || strpos($_SERVER['REQUEST_URI'], 'wp-admin') !== false) {
wp_redirect(home_url('/404')); // Redirect to a 404 page or any other page
exit();
}
}
add_action('init', 'redirect_default_login');2. Save the Changes
- Save the
functions.phpfile. - Test the new login URL (e.g.,
https://yourwebsite.com/my-secret-login).
Method 3: Using .htaccess (Advanced)
You can also use the .htaccess file to change the login URL. This method is more advanced and requires access to your server files.
1. Edit the .htaccess File
- Access your website’s root directory via FTP or your hosting file manager.
- Locate the
.htaccessfile and open it for editing. - Add the following code to the top of the file:
RewriteEngine On
RewriteRule ^my-secret-login$ wp-login.php [L]
RewriteRule ^wp-login.php$ - [R=404,L]
RewriteRule ^wp-admin$ - [R=404,L]2. Save the Changes
- Save the
.htaccessfile. - Test the new login URL (e.g.,
https://yourwebsite.com/my-secret-login).
Method 4: Use a Security Plugin
Many WordPress security plugins, such as iThemes Security or All In One WP Security & Firewall, include options to change the login URL.
1. Install a Security Plugin
- Go to your WordPress dashboard.
- Navigate to Plugins > Add New.
- Search for a security plugin like iThemes Security or All In One WP Security & Firewall.
- Install and activate the plugin.
2. Change the Login URL
- Go to the plugin’s settings page.
- Look for an option like “Change Login URL” or “Rename Login Page”.
- Enter your desired login URL and save the changes.
Important Notes
- Bookmark the New Login URL: After changing the login URL, make sure to bookmark it or save it somewhere safe.
- Test the Changes: Always test the new login URL to ensure it works as expected.
- Backup Your Site: Before making any changes, back up your website to avoid potential issues.
Conclusion
Changing the WordPress admin login URL is a simple yet effective way to enhance your website’s security. Whether you use a plugin, edit the functions.php file, or modify the .htaccess file, the process is straightforward and can significantly reduce the risk of brute force attacks. Choose the method that best suits your technical expertise and website needs.
About The Author
