Securing your WordPress site goes beyond preference; it’s vital for a resilient website. This guide outlines the significance of changing your WordPress login URL, emphasizing the risks tied to the default pathway, and walks you through the process of changing it yourself.
Why Should You Care About Changing Your WordPress Login URL?
Changing your WordPress login URL matters for one reason: security. The default pathways, like `/wp-login.php` or `/wp-admin/`, are widely known and targeted by automated bots attempting to guess usernames and passwords, resulting in brute-force attacks. This predictability increases vulnerability and exposes your site to automated scans actively searching for vulnerabilities. By altering your default login URL to something unique and less predictable, you strategically safeguard your website, minimizing the risks tied to standard login pathways.
Why Use a Plugin to Change Your WordPress Login URL: Simplifying Security
Plugins stand out as the go-to solution to make this process accessible to a broader audience. They offer a user-friendly interface, quick implementation, reduced risk of errors, additional security features, compatibility assurance, and ease of reversal—making the login URL change accessible to website owners with varying levels of expertise.
User-Friendly Interface:
Plugins provide an intuitive interface that doesn’t require any coding skills. This means even those with limited technical knowledge can seamlessly navigate through the plugin settings. The graphical interface simplifies the entire process, making it accessible to users with varying levels of expertise.
Quick Implementation:
Time is of the essence when it comes to security measures. Plugins expedite the process, allowing anyone to change their login URL with just a few clicks. This swift implementation reduces the time spent on manual coding and editing, making it an efficient solution for website owners.
Reduced Risk of Errors:
For those not well-versed in coding, the risk of errors looms large when manually modifying code. Plugins minimize this risk, ensuring that even users without coding expertise can make changes without the fear of introducing syntax errors or other coding mistakes. This is particularly beneficial for maintaining a stable and error-free website.
Additional Security Features:
Beyond the primary function of changing the login URL, many plugins offer supplementary security features. This might include mechanisms to limit login attempts, enforce strong password policies, or block IP addresses exhibiting suspicious behavior. Choosing a plugin not only addresses URL modification but enhances overall security.
Ease of Reversal:
Flexibility is a key aspect of using plugins. If, for any reason, you need to revert to the default login URL or make further changes, plugins often provide a convenient way to do so through their settings. This ease of reversal ensures that website owners can adapt their security measures without encountering cumbersome processes.
Changing the Login URL with a Plugin
In this example, we’ll be using Melapress Login Security, a plugin that is quite popular with the ManageWP user base.
Step 1: Activate the Plugin
Install and activate the Melapress Login Security plugin from the WordPress Plugin Directory.
Step 2: Change the Login URL
1. Go to “Login Security > Settings” in the WordPress dashboard with the plugin activated.
2. Click “Hide Login Page” to access the URL modification settings.
3. In the “Login page URL” field, enter the new custom login URL you want.
4. Optionally, in the “Old login page URL redirect” field, set a redirect URL for anyone trying to access the old default login URL.
5. Click “Save Changes” to apply the modifications.
Whenever you install a plugin, we recommend following the plugin author’s recommendations and reading the Installation Tips. By following these instructions, you can effectively change both `/wp-login.php` and `/wp-admin/` and come a step closer to fortifying your website.
Will this affect the way I use ManageWP?
If your website has a custom login URL, connecting it to ManageWP might require one additional step, depending on how you choose to connect. The first step is the same, requiring you to fill in your website’s URL. After filling in your website URL, you can choose to establish the connection using your admin login credentials or your ManageWP connection key.
If you opt for admin login credentials, you’ll be prompted to fill in your login slug after filling in the URL. After you do this, you will be prompted to log into your website as if it were the default login URL.
If you opt for the connection key, you bypass the slug prompt entirely. This ensures a smooth connection process, making it no different from connecting a website with the default login URL.
What Happens If You Change the Login URL After Connecting to ManageWP?
If you change the login URL after the website has already been connected to ManageWP, the connection remains unchanged. There’s no need for intervention of any kind.
Additionally, extensive testing has confirmed the compatibility of most well-known plugins, Melapress included, assuring that changing the login URL using a plugin should not cause any connectivity issues.
In summary, fortifying your WordPress login security by changing your default login URL is a practical and straightforward process we believe everyone should do. Do you agree with us?
Shane
I’m a big fan of WordPress but their standard wp-admin login page I agree leaves a lot to be desired in terms of security. Much better to change the URL so plugins like this are a welcome addition to the functionality of the CMS.
Laretue
I changed my sites’ login url to decrease uninvited logins but the plugin i used recently stopped working so it got turned to default any good plugin you can suggest?
Muideen Samuel
Thanks for taking your time to write this article, I installed the plugin but it’s not activating on my blog.
any solution to that?
Nirmal Kumar
Thanks for the tutorial, Clifford. I will have to change my login URL. I am receiving too many login attempts from bots. It’s my Jetpack plugin blocking all these so far.
Bryan
But the default way to find the login page for WP developments for attacking purposes is not to try wp-login.php, it’s to try /login. For a while now using /login or /register will redirect you to the appropriate WP pages. If you want to beat the hackers, you should really get up-to-date on how they break into WP sites. The only way to really keep your wp-admin dash secure is to whitelist your IP address, https://www.wpoptimus.com/912/ban-ip-addresses-login-wordpress-dashboard/
Jan Atsma
This article had run out of time. But WHERE in the current interface of ManageWP one change the login url?
Nemanja Aleksic
Changing the login URL is essentially hacking the core, and could pose problems with other plugins. That’s why ManageWP does not have this option.
Check out my mens club
Hi there this is somewhat of off topic but I was wanting to know if blogs use WYSIWYG editors or if you have to manually code with HTML.
I’m starting a blog soon but have no coding skills so I wanted to get guidance from someone with experience.
Any help would be greatly appreciated!
dating
Hey very cool blog!! Guy .. Excellent .. Amazing ..
I’ll bookmark your blog and take the feeds also?
I’m happy to find a lot of helpful information here within the
publish, we’d like work out more strategies on this regard,
thanks for sharing. . . . . .
nikhil davasam
how is wordpress.com login different from /wp-login/
Abhishek K R
thank you
Obtenir-plus-prospects-referencement
For me, All in one WP Security display a “page not available” error when I try to log in to the new admin url. I tried to change .htaccess name to deactivate it without success, same after reloading a complete ftp backup and it is just after having restored the DB that I have been able to log in again to the admin. Now I activate the cookie based brute force protection but the /wp-admin/ is still available. :/
jer
One thing i realized recently was that , if you want to see if a site is wordpress you can just type http://www.example.com/robots.txt
So is it possible to change that also
Thabiso
Hi used this plug-in on my site to change the wp-admin url, now nun of my logins work…please help.
Aysad Kozanoglu
Change the following line in files to your changed custom renamed login php file
for example XXADM.php
wp-includes/general-template.php
:line 307
$logout_url = add_query_arg($args, site_url(‘XXADM.php’, ‘login’));
wp-login.php
:line 473
$redirect_to = ‘XXADM.php?loggedout=true’;
:line 897
<form name="loginform" id="loginform" action="” method=”post”>
travel umroh
nice article.
i have try it in my wp site. send me email if you have another like this.
good lucky
daryl farahi
Thanks for sharing such important information. It will help me and my clients as well.
Many Thanks-Daryl
Robert
Hi there,
This seems what I am looking for.
I’m already using Ninjafirewall. Is this plugin compatible or will they bite each other?
Cheers,
Robert
Mike piter
Thank you Clifford Paulick. I am following your posts for some time and every time i get great tips. i already change my admin url but how to change now using my database?
blog teknologi
Hello, your antispam plugin eated my comment, don’t wanna write it again : /
Abhishek Kumawat
Thanks for sharing this plugin.. Its Awesome 🙂
Sandip Maji
Thanks Clifford, it’s really so simple and helpful.
tekinfom
This very complete and straightforward to become practiced in the least, but I‘d like to question, if there will be free tools available which will tell us wordpress login URL? I fear that in case for instance there will be such tools, hackers can easily certainly determines the login URL.
aamir saleh
Hi Clifford Thanks for such an easy explanation, you are great 🙂
Peter
to all guys who post their website here. Much better you don’t do this because so everyone knows you website now and that you use such kind of plugin.
Kat Rostova
I locked myself out of my site and started to freak out a bit. I deleted the plugin folder in my control panel through my host and was still locked out. Then I remembered that the plugin asked to modify the htaccess file and so I went in there and found the code it added and removed it. All better again. Maybe I should read this entire article before I mess around with it again. ps. I whitelisted my ip but it just kept saying that the page was not found.
Dean
Thanks for your great article. For those who search a bit more, see the WP Hide & Security Enhancer https://wordpress.org/plugins/wp-hide-security-enhancer/ This one completely hide old login urls, all other solutions appear to redirect to a 404 error page which indicate the initial url existence.
Aman
Thanks guys!
John
I was looking for something to simply change my register and wp-admin links and fell on your article. It’s a very interesting article and enjoyed reading it. I think the plugin is ineterting as well, however the steps that you explain to take after installing fail to mention that the plugin needs the pro version which is a minimum of $80/year and up. So I was a little disspointed to find this out only at the end of reading and installing the plugin simply to change 3 links. So I simply uninstalled it. Would just be nice to mention that beforehand. Otherwise, as I stated above, great article on security.
Wishing you a great day!
Larry
Recently, I`ve been looking in to adding additional layers of security to my wife`s website (it got pharma hacked) & one of the plugins I looked into was Stealth Login, which is apparently still in business, periodically updated (it was last updated 12 months ago & currently is listed as compatible with WP ver. 3.4.5 or higher), & being used on WP ver. 4.4.10 with no complaints about incompatibility so far. You can go look at “https://wordpress.org/plugins/stealth-login-page/”.
danifin
Yes allright
menganti
superrr. definitely try on my wp blog
Mohit Chauhan
This article was indeed very useful as nobody wants to get there WordPress hacked! I have changed my URL , thanks for letting us know about this wonderful plugin.
Clifford Paulick
Glad to help!
Giovanni
Great article but now is call ithemes security and in free version only one login access can change.
Baguz
This is a good idea to change wp-admin and wp-login url. Because i get many brute force attack in my wp site
Vikas Mehra
Thanks by using this method i will secure blog
prince mehra
Thanks for sharing this valuable information…
I definitely try on my wp blogs
Asad Hanif
Hey clifford, is there any method to change the whole wp login page code with our custom made code? because someone told me that every wp developers knows the complete structure of wordpress so its very easy to them to hack any wp website. what do u think about this scenario?
Clifford Paulick
Hi Asad. Thanks for your question. This is a common statement regarding all open source software, which is outside the scope of this blog article so I won’t reply to that question. Regarding the code, you can view all the actual wp-login screen code at https://github.com/WordPress/WordPress/blob/master/wp-login.php
I hope this information helps you.
Mokamula 2016
Thanks, now i can login to my wordpress 😀
Mushroomali
in this way , my blog more secure
Khairul Anwar
thank you, this is very helpful and reduce my worries to my web-site
tempat Wisata
thankyou for tutorial, I never think about it before…. before I use wp-admin and now I was succes change it… nice information,, I like this post 🙂 Im from indonesia, sorry about spelling..
cira
nice one! i would try this to my personel website.. is the plugin free?
Michael
Thanks. I wonder if this will cause issues for further updates? i.e. WP core and plugins?
Clifford Paulick
Hi Michael. It shouldn’t. However, this post was written prior to iThemes acquiring the plugin, rebranding it, and making significant changes. However, I’d guess this functionality remains and wouldn’t cause issues for future updates. It’s been a couple years since I looked at it, but I believe it’s accomplished via HTACCESS… but don’t quote me on that.
mallkota
nice trick
harga honda mobilio
are this plugin its free…
harga mobil honda
its helping to me to secure my site.
Jual mebel jepara
i have not to acces login
Rio
I finally found a tutorial that I was looking for this .. thanks
t.abrahams001
thank you thank you thank you both for manageWP plugin AND for this super helpful solution to redirecting my login to a custom url!!!
Ade
This plugin I was looking for, thank you for writing a very helpful awakening my wordpress blog securely.
Firman Kehilangan
i think this tutorial is amazing. I’ve been looking for a way change the name of the admin and this time I found. I’am wordpress user. I will try on my website. Thank you so much.
corvusmile
Thanks for making clear how itheme security (former better wp security) changes the log-in URL.
You just save my day.
Thanks.
obat pembesar penis
You can change the login URL using a one-liner in the
Imtiaz Ahmed
Can you please tell me, will it work on Arvixe VPS? Really amazing post.
Clifford Paulick
Hi Imtiaz. I don’t know of any reason why it would not. However, this plugin has gone through significant changes since this post.
Abinash Mohanty
Thanks for the tips! It worked 🙂
Clifford Paulick
Thanks for letting us know. Glad to hear! I’m sure it’s even better now that iThemes took it over.
Khairul Nizam
hope it works as it mentioned…thumbs up buddy.
Jasa seo
its amazing. definitely try on my wp blogs.. hope it works as it mentioned…
Gregg
I use this plugin on my WP multisite installation. However when I hide the back end, that bit works fine and relocates the login page to the slug I have chosen. Its after that is the problem… I enter my user / pwd and then rather than get to the wp-admin backend instead I just get a 404 page not found error?
Tried googling the issue but cant find anything that helps. Spent 4 hours today trying to work it out (fyi my coding knowledge and htaccess knowledge is very basic)
Any suggestions?
Clifford Paulick
As this post was written over a year ago and has since become iThemes Security plugin ( http://ithemes.com/2014/03/17/better-wp-security-plugin-changing-ithemes-security-need-know/ ), I’d say the best solution is to contact official support. Hope you get it worked out.
Arpit Vimal
Sounds good…that we can change the login address of WordPress blogs.
sutopo sasuke
This is a wonderful article, Given so much info in it, These type of articles keeps the users interest in the website, and keep on sharing more … good luck
Venus
I will definitely change my login url, that’s the reason why im reading this post right now. i have wordfence installed on my wordpress site and keep emailing me that there was someone who tried to login using my admin username for 20 times nad then, BAM! my site is down with a database error i takes an hour before it went back really frustrating.
Rudi Nazar
This very complete and easy to be practiced at all, but I want to ask, if there are free tools out there that can tell us wordpress login URL? I fear that if for example there are such tools, hackers can easily certainly determines the login URL.
M
Better WP Security completely locked me out of my site and made some HORRIBLE changes to my databases that I did not authorise. I would avoid this plugin like the plague!
Clifford Paulick
Sorry to hear that, M. I haven’t used BWPS recently, but I have had experiences where it didn’t do something right, I restored a backup, tried again, and then it worked. Always take backups. Hope you don’t have any long-term damage. Need backups for the future? Consider https://managewp.com/user-guide/how-to-use-managewp/backup ManageWP’s backup solution.
Lone
Similar results here. It was a disaster.
Hemant Aggarwal
Can’t we just add
RewriteRule ^login$ http://www.mywebsite.com/wp-login.php [NC,L]to our htaccess file to do this ?Clifford Paulick
The goal is not to redirect wp-login.php. Instead, we want wp-login.php to not work.
Robinsh
Yesterday I enabled my WP site for anyone to register as a subscriber but what I saw there was more than 100 fake accounts created by the bots and that’s why I was searching and found your post to help myself .
Gene
Definitely NOT awesome. Installed and setup without a problem but hours later when I went to log in to my admin panel I’m redirected to a 404 page not not found. Great. Now I can’t get in my site and have no clue how to fix what this crap broke.
Clifford Paulick
Hi Gene. Sorry that you’ve experienced troubles. Assuming your hosting isn’t a conflicting factor here, just SFTP into your site and edit your main .htaccess file. You can delete the lines added by BWP and you should be able to use /wp-login.php again. Once in wp-admin, you can disable the BWP plugin and try another (see previous comments) or just try to setup BWP again. Hope you get it figured out soon.
Gene
First and foremost, I apologize for having used horrible manners and not asking for help properly. No excuse for that.
I did go in to the .htaccess and it was simple enough to fix, have gained full access once again, thank you. Now I wonder, can I completely uninstall the plugin or do I need to restore the backup made just prior to executing Better WP Security?
Clifford Paulick
Once you un-do all the BWP settings, you can simply deactivate the plugin instead of needing to revert to a previous restore point.
Ukraina
Its actual problem to change defaul wp-login.
If plugin will do something wrong – i just may clean up htaccess manually.
Clifford Paulick
I don’t exactly understand your point, but I agree it’s bad to change WP core files, if that’s what you’re pointing out (which this plugin does not do).
marco
I got the plugin working, but when I go the site.nl/login it just redirects me to .nl/wp-login.php.
What did I do wrong?
Clifford Paulick
Hi Marco. I’m not sure without seeing your setup, but I’d follow the steps closely just to double-check if you missed something.
Mat Riexinger
I’m confused as to why the developers of WordPress don’t implement a system to eliminate more of the threats they’ve been plagued with for a few years now.
Mat Riexinger
White Label Branding plugin on Codecanyon also allows you to make this change. There’s since been a few others that have come along as well.
Hide my wordpress is pretty sensitive though because if you do the wrong thing, or another plugin blocks it’s full functionality due to a conflict from their code, you can be locked out of your site.
Clifford Paulick
Thanks for sharing your experiences.
Oleh
Hello, your antispam plugin eated my comment, don’t wanna write it again:/
Tom Ewer
Sorry Oleh 🙁 I don’t see the comments in the spam folder so it must have already been deleted.
Mohit
wow that really impressive, now i can change my WP site login url.
thanks for the tips.
Akash Deep Satpathi
Thanks for sharing this Clifford! I want to know, is there any other plugin available which can help me to change the login URL? As Better WP Security plugin was not working on my site when I was first time tried it. So, any idea?
Clifford Paulick
Hi Akash. I’ve never had a problem with Better WP Security on my hosting setups, but I’ve seen quite a few people mention this. The only issue I’ve had with BWP is on multisite when trying to create a new site with BWP active (didn’t work).
Your question has good timing because Stealth Login Page just released an update with full multisite support, which makes it my new #1 if it works as I hope it will… I’m planning to try it out soon.
There’s another plugin to consider from CodeCanyon called Hide My WP (see other comment for the link).
Let me know if Stealth Login Page works for you and if its on single or multi.
Akash Deep Satpathi
Okay, recently I get Better WP Security in work. There was some problem between Wordfense and in it. And going to try the plugin you suggested, thanks! 🙂
Clifford Paulick
Let me know if Stealth Login Page works for you.
Tim
After installing Better WP Security everything works well except now my green box doesn’t pop up when a client uses my contact form 7. The green box used to confirm that the email was sent successfully. Any thoughts on this? I am receiving the emails.
Clifford Paulick
I don’t use CF7 personally so I haven’t experienced this (and I don’t know what green box pop up you’re referring to — the submission text?), but a quick Google search indicated to me several reports of the reCAPTCHA possibly having an issue with both of these installed. Have you tried CF7 + BWP active without reCAPTCHA on CF7?
Virtual Web Solutions
Thanks for sharing such important information. It will help me and my clients as well.
Many Thanks.
Clifford Paulick
Glad to hear it!
Sudeep Acharya
Hi Clifford,
Actually I had to leave this amazing plugin because it shows ‘internal server error’ after some hours of installation,I checked with some of the experts like you,they told me that the plugin is not updated which is creating the issue.
If you can help me on this,I will give another try to this plugin.
Having said that my host is awardspace.(paid basic shared hosting plan)
Clifford Paulick
Sorry it didn’t work for your server setup. There are several “LAMP Checker” plugins out there and maybe double-check some permissions. Maybe your server setup doesn’t have some common PHP extensions enabled; I don’t know. But you can see the WordPress Support history and know that the BWP team has a lot of users and support threads. Keeping in mind it’s a free plugin, I think less than 100% support is understandable. However, they did recently start offering premium installation and support if that interests you. I haven’t downloaded it, but I’ve heard good things about this CodeCanyon product that has a similar feature and additional features: Hide My WP.
Almaare
its amazing. definitely try on my wp blogs.. hope it works as it mentioned…
thumbs up buddy.
Derrick
I did this but it just redirects.
Is there another step involved or is this method already outdated?
Thnx
Clifford Paulick
Derrick, if you tell me what you input as your settings, what is redirecting, and where it’s redirecting to, I might be able to help. However, it’s all pretty straight forward since it’s all done via the main WordPress installation’s .htaccess file. If you ever get “locked out”, you could always delete the #BETTER WP SECURITY lines in the file via FTP/SFTP and then the /wp-login.php will work again via direct access. If you figure it out yourself, great. If you need help, comment here, post in the Better WP Security plugin’s support forum, or email me from http://tourkick.com/contact/
Toby Brommerich
Installing WordPress from scratch actually allows you to set the username of the first Admin user. It has for several versions.
Clifford Paulick
Yup. Still good not to have a user with ID #1, especially not an administrator. Both can be resolved by the Better WP Security plugin if not done at initial installation. 🙂
webmaster
You can change the login URL using a one-liner in the .htaccess file:
RewriteRule ^login$ http://www.mywebsite.com/wp-login.php [NC,L]
Changing mywebsite.com with your own domain name.
You would then login at http://www.mywebsite.com/login
Cheerz,
Wil.
Clifford Paulick
Hi Wil. Directly editing the .htaccess file is possible, but not everyone’s comfortable doing that. Plus, the Better WP Security plugin does a lot of other good stuff. Additionally, the goal is to get the login to “move” not just be “redirected to” because that doesn’t hide wp-login.php from being directly accessed. For those that wish to use it, though, thanks for the sharing.
Darnell Jackson
Excellent post I’ll save this for my wordpress security round up post.
I think there are a few holes that you mentioned that most webmasters have.
However, the best security is a good recent backup.
Clifford Paulick
Great to hear, Darnell. There’s a lot more to the Better WP Security plugin.