Change Your WordPress Login URL

WordPress’ default login URL is /wp-login.php (or you can just type in /wp-admin/ and it’ll redirect you there if not yet logged in). For example:

You may think to yourself, “OK. Who cares?” There are 3 reasons you should care:

  1. I can tell you’re using WordPress. It’s pretty easy for a hacker to tell if any given website is a WordPress website. You can look at the page’s source and see things like /wp-content/themes/style.css or /wp-content/plugins/…, etc. Once I know your site is a WP site, I now know your login URL is /wp-login.php.
  2. So now I know your login URL. I also know that WordPress creates an “admin” username by default. Now Mr. or Ms. Hacker has your login URL and possibly your login username. Now it’s a matter of guessing your password.
  3. And I’ll try the default username and try to guess your password. Even if you don’t have an “admin” username and you have a strong password (and preferably use a password manager to login so your keyboard’s keystrokes aren’t being logged), the hackers are not aware of this so they’ll just keep trying forever and ever, wasting your server’s resources and possibly taking down your site. (P.S. I hope you’re logging in with HTTPS or through a secure login method like from the ManageWP Dashboard so your password isn’t sent “in the clear” when logging in.)

Did any of that sound like fun? I bet not, but it’s important stuff. At the very least, I hope I’ve scared you into reading the rest of this how-to post because the solution is quick, easy, and painless, and anyone who can install and activate a plugin can do it.
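To see how much of this password guessing your own site is already receiving, the added example below (not part of the original post) counts failed login POSTs to /wp-login.php per client IP in a web server access log. It assumes the common "combined" log format, and the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Start of an Apache/nginx "combined" access log line (assumed log format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
LOGIN_PATH = "/wp-login.php"

# Constructed sample: six failed guesses from one address, then one mistyped
# and one successful login from another, plus unrelated and malformed lines.
SAMPLE_LOG = [
    f'203.0.113.7 - - [17/Jul/2014:10:00:{s:02d} +0000] '
    f'"POST /wp-login.php HTTP/1.1" 200 3456 "-" "-"'
    for s in range(6)
] + [
    '203.0.113.7 - - [17/Jul/2014:10:00:09 +0000] "GET /wp-login.php HTTP/1.1" 200 3456 "-" "-"',
    '198.51.100.20 - - [17/Jul/2014:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "-"',
    '198.51.100.20 - - [17/Jul/2014:10:01:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
    '203.0.113.7 - - [17/Jul/2014:10:02:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "-"',
    'not a log line',
]


def failed_login_posts(lines, login_path=LOGIN_PATH):
    """Count login POSTs per client IP that did not end in a redirect.

    WordPress answers a successful login with a 302 redirect and re-renders
    the form (200) on a wrong password, so any non-302 answer to a POST
    (200, 403, or 404 once the URL is hidden) is treated as a failed attempt.
    """
    failures = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore the query string (e.g. ?action=register) when comparing paths.
        if m["path"].split("?", 1)[0] != login_path:
            continue
        if m["status"] != "302":
            failures[m["ip"]] += 1
    return failures


def flag_sources(lines, threshold=5, login_path=LOGIN_PATH):
    """Return the sorted client IPs with at least `threshold` failed attempts."""
    counts = failed_login_posts(lines, login_path)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in failed_login_posts(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n} failed login POSTs")
    print("over threshold:", flag_sources(SAMPLE_LOG))
```

Running the same count before and after changing the login URL shows whether the automated guessing actually stopped reaching the login form.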

How To Change Your WordPress Login URL

The short answer is to install, activate, and configure the Better WP Security WordPress plugin.

What We’re Doing

With Better WP Security, you’ll be able to change:

  • /wp-login.php to /login/
  • /wp-admin/ to /admin/
  • /wp-login.php?action=register to /register/
  • Or to whatever slugs you choose in the plugin settings


Compatibility might be an issue. Make sure to read and understand all the Better WP Security options before changing any settings. Talk to your web host or developer before continuing if you know you have an unusual setup but aren’t sure how it may be affected by this plugin. I tested with WP Engine and didn’t have any issues. Follow the plugin author’s recommendation and read the Better WP Security Installation Tips and FAQs.

If you already have the site added to ManageWP Dashboard, you’ll need to update your ManageWP options, but it’s quick and easy. Also, please read the ManageWP “Known Issues”, which mentions one of the features of the Better WP Security plugin.

Continue reading for all the step-by-step instructions for Better WP Security and updating the ManageWP Dashboard options.

Step By Step Instructions

You really should change your login URL (and by login URL I mean the URLs for logging in, registering, and administration). Here’s how to do it:

Step 1: Take a Full Backup

Duh. Do it with ManageWP. Take a full backup, not just a database backup. Like all backups, verify it’s completed and in your desired location before proceeding to the next step.

Step 2: Install and Activate the Better WP Security plugin

I’ve looked long and hard for a “hide login” plugin and there weren’t many quality choices. And the aptly named Hide Login plugin did not work for me (thank God I was on a WP Engine staging site because I got totally locked out). And there used to be a plugin called Stealth Login which no longer exists.

At the recommendation of several WordPress gurus, I tried Better WP Security for this purpose alone (although it has a bunch of great features), and it worked like a charm right from the start.

Step 3: Set Up the Better WP Security Plugin

Once the Better WP Security plugin is installed, follow these steps:

  1. Open the plugin’s wp-admin options page.
  2. Follow the first 3 setup steps as shown in the screenshots below:
    1. Make your backup selection.
    2. Allow the plugin to change WordPress core files (read the warning first).
    3. Click the “Secure My Site From Basic Attacks” button.
  3. Click the “Hide” tab.
    1. Check the “Enable Hide Backend” box.
    2. Enter your desired login, register, and admin slugs or leave them at the plugin’s defaults of “login”, “register”, and “admin”.
    3. Click “Save Changes”.
  4. Don’t forget your new URLs, especially the login URL! You might want to write them down somewhere until you get used to them. Or you’ll never need to remember the login URL if you use an auto-login tool like ManageWP (additional steps follow).

Screenshots of each step above are shown below:

Better WP Security 1

Initial Setup Page. Select the backup option you think best. (If you’ve already created a backup with ManageWP, you can skip this backup.)

Better WP Security 2

Setup step 2. Read the instructions and, in general, click to allow changing WordPress core files.

Better WP Security 3

Setup step 3. In general, click the option to allow the plugin to activate its default security settings, since this plugin does more than just change the login URL.

Better WP Security 4

After clicking the “Hide” tab at the top, check the box to enable the feature. Change the text boxes as you desire. Then click “Save”. (Don’t worry; you won’t get logged out upon saving.)

Better WP Security 5

After saving once, you’ll be able to uncheck the box if you want to turn the feature off, or you can leave it checked and just change the login URLs anytime you want.

Step 4: Add (or Re-Add) your Site to the ManageWP Dashboard

If you use ManageWP for the site you’ve changed the login URL for, follow these steps:

  1. Login to your ManageWP Dashboard.
  2. In the left navigation menu, click on the site you changed the login URL for.
  3. Click “Options”.
  4. Change the “Website Admin URL” option from …/wp-admin/ to …/login/ (or whatever you changed it to).
  5. Click “Save Changes” and the window will auto-close after a green “Options Updated” message is displayed for a second or two.
  6. Click on the site again and click the “Site Admin” (or the icon next to it to open it in a new window) to make sure ManageWP can auto-login for you at the new URL.
  7. If you were able to login via ManageWP Dashboard, you’re all done.

Screenshots of each step are below:

Better WP Security 6

Go to your ManageWP Dashboard, click on the site URL and click “Options”.

Better WP Security 7

At the site’s ManageWP Options pop-up, you’ll see your current login URL.

Better WP Security 8

Change the login URL to your new login URL and click “Save Changes”.

Better WP Security 9

Make sure the ManageWP Dashboard can still auto-login for you. Click on the site URL you just updated the options for and click the “Site Admin” link to see if it works.

How the Better WP Security Plugin Changes the Login URL

Some of you might not care how it works; others may want to know all the details. Let’s just say it’s the magic of the .htaccess file.

Without getting too technical, the plugin adds about 30 lines to the top of your main WordPress .htaccess file. That’s really all the magic that’s needed to change the login URLs.

Note: Neither the wp-login.php file nor the wp-config.php file is modified, moved, or renamed.

If you’re a developer looking to learn all the ins and outs of .htaccess files and rules, consider purchasing the .htaccess made easy eBook. To be clear, no knowledge of .htaccess is needed to use the Better WP Security plugin.
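Because the change lives entirely in .htaccess, it can also be backed out there, which is the recovery described in the comments below for anyone who gets locked out. This added example (not the plugin's own code) removes a marker-delimited block from a constructed .htaccess and keeps a backup. The BEGIN/END marker text is an assumption, so check the comment lines in your own file first.

```python
import shutil

# Assumed marker lines. The author's reply in the comments refers to the
# "#BETTER WP SECURITY" lines; check the exact text in your own .htaccess.
BEGIN = "# BEGIN Better WP Security"
END = "# END Better WP Security"

# Constructed sample: a placeholder plugin block above a shortened WordPress block.
SAMPLE = """# BEGIN Better WP Security
# (placeholder for the lines the plugin adds)
# END Better WP Security

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
"""


def strip_block(text, begin=BEGIN, end=END):
    """Return (cleaned_text, removed_lines); raise ValueError on unbalanced markers."""
    kept, removed, inside = [], [], False
    for line in text.splitlines(keepends=True):
        marker = line.strip().lower()
        if marker == begin.lower():
            if inside:
                raise ValueError("second BEGIN marker before END")
            inside = True
        elif marker == end.lower() and not inside:
            raise ValueError("END marker without BEGIN")
        if inside:
            removed.append(line)
            inside = marker != end.lower()  # the END line closes the block
        else:
            kept.append(line)
    if inside:
        raise ValueError("BEGIN marker without END; nothing changed")
    return "".join(kept), removed


def recover(path, begin=BEGIN, end=END):
    """Strip the block from the file at `path`, keeping a .bak copy.

    Returns the number of lines removed (0 means the file was left as it was).
    """
    with open(path, encoding="utf-8") as fh:
        original = fh.read()
    cleaned, removed = strip_block(original, begin, end)
    if removed:
        shutil.copy2(path, path + ".bak")  # keep the pre-edit file
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(cleaned)
    return len(removed)


if __name__ == "__main__":
    cleaned, removed = strip_block(SAMPLE)
    print(f"removed {len(removed)} lines")
    print(cleaned, end="")
```

Once the block is gone, /wp-login.php is reachable again and the plugin can be disabled or reconfigured from wp-admin.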

More About Better WP Security

The Better WP Security plugin has a lot of features, just one of which is the ability to hide the WordPress login, register, and admin URLs. Here are a few of the additional features included in this free plugin:

  • Additional “security through obscurity” options
  • Change the current WordPress database prefix
  • Rename the default “admin” username
  • Change the ID for the user with ID 1
  • Removes login error messages (so bad login attempts don’t get a hint whether it was the username or the password that was incorrect)
  • Logs 404 errors, bad login attempts, and changes to files

There are many more benefits of using the Better WP Security plugin, and it even works on single sites and Multisite.

Read more about its features at its WordPress plugin page and give it a good rating if it worked well for you.

Change your WordPress login URL today.

Feel free to post a comment below once you’ve done it or if you run into any problems.

Blog post updated on July 17, 2014

Image courtesy of Saxon.


Join The Discussion


  1. tekinfom says:

    This very complete and straightforward to become practiced in the least, but I‘d like to question, if there will be free tools available which will tell us wordpress login URL? I fear that in case for instance there will be such tools, hackers can easily certainly determines the login URL.

  2. aamir saleh says:

    Hi Clifford Thanks for such an easy explanation, you are great :)

  3. Peter says:

    To all guys who post their website here. Much better you don't do this because so everyone knows your website now and that you use such kind of plugin.

  4. Kat Rostova says:

    I locked myself out of my site and started to freak out a bit. I deleted the plugin folder in my control panel through my host and was still locked out. Then I remembered that the plugin asked to modify the htaccess file and so I went in there and found the code it added and removed it. All better again. Maybe I should read this entire article before I mess around with it again. ps. I whitelisted my ip but it just kept saying that the page was not found.

  5. Dean says:

    Thanks for your great article. For those who search a bit more, see the WP Hide & Security Enhancer This one completely hide old login urls, all other solutions appear to redirect to a 404 error page which indicate the initial url existence.

  6. John says:

    I was looking for something to simply change my register and wp-admin links and fell on your article. It's a very interesting article and enjoyed reading it. I think the plugin is interesting as well, however the steps that you explain to take after installing fail to mention that the plugin needs the pro version which is a minimum of $80/year and up. So I was a little disappointed to find this out only at the end of reading and installing the plugin simply to change 3 links. So I simply uninstalled it. Would just be nice to mention that beforehand. Otherwise, as I stated above, great article on security.

    Wishing you a great day!

  7. Larry says:

    Recently, I've been looking in to adding additional layers of security to my wife's website (it got pharma hacked) & one of the plugins I looked into was Stealth Login, which is apparently still in business, periodically updated (it was last updated 12 months ago & currently is listed as compatible with WP ver. 3.4.5 or higher), & being used on WP ver. 4.4.10 with no complaints about incompatibility so far. You can go look at "".

  8. menganti says:

    superrr. definitely try on my wp blog

  9. This article was indeed very useful as nobody wants to get their WordPress hacked! I have changed my URL, thanks for letting us know about this wonderful plugin.

  10. Giovanni says:

    Great article, but now it is called iThemes Security, and in the free version only one login access can be changed.

  11. Baguz says:

    This is a good idea to change wp-admin and wp-login url. Because i get many brute force attack in my wp site

  12. Vikas Mehra says:

    Thanks by using this method i will secure blog

  13. prince mehra says:

    Thanks for sharing this valuable information…
    I definitely try on my wp blogs

  14. Asad Hanif says:

    Hey clifford, is there any method to change the whole wp login page code with our custom made code? because someone told me that every wp developers knows the complete structure of wordpress so its very easy to them to hack any wp website. what do u think about this scenario?

  15. Mokamula 2016 says:

    Thanks, now i can login to my wordpress 😀

  16. Mushroomali says:

    in this way , my blog more secure

  17. thank you, this is very helpful and reduce my worries to my web-site

  18. Thank you for the tutorial, I never thought about it before…. Before I used wp-admin and now I succeeded in changing it… nice information, I like this post :) I'm from Indonesia, sorry about spelling..

  19. cira says:

    Nice one! I would try this on my personal website.. is the plugin free?

  20. Michael says:

    Thanks. I wonder if this will cause issues for further updates? i.e. WP core and plugins?

    • Hi Michael. It shouldn't. However, this post was written prior to iThemes acquiring the plugin, rebranding it, and making significant changes. However, I'd guess this functionality remains and wouldn't cause issues for future updates. It's been a couple years since I looked at it, but I believe it's accomplished via HTACCESS… but don't quote me on that.

  21. are this plugin its free…

  22. its helping to me to secure my site.

  23. i have not to acces login

  24. Rio says:

    I finally found a tutorial that I was looking for this .. thanks

  25. t.abrahams001 says:

    thank you thank you thank you both for manageWP plugin AND for this super helpful solution to redirecting my login to a custom url!!!

  26. Ade says:

    This plugin I was looking for, thank you for writing a very helpful awakening my wordpress blog securely.

  27. i think this tutorial is amazing. I've been looking for a way change the name of the admin and this time I found. I'am wordpress user. I will try on my website. Thank you so much.

  28. corvusmile says:

    Thanks for making clear how itheme security (former better wp security) changes the log-in URL.
    You just save my day.

  29. You can change the login URL using a one-liner in the

  30. Imtiaz Ahmed says:

    Can you please tell me, will it work on Arvixe VPS? Really amazing post.

  31. Thanks for the tips! It worked :)

  32. hope it works as it mentioned…thumbs up buddy.

  33. Jasa seo says:

    its amazing. definitely try on my wp blogs.. hope it works as it mentioned…

  34. Gregg says:

    I use this plugin on my WP multisite installation. However when I hide the back end, that bit works fine and relocates the login page to the slug I have chosen. Its after that is the problem… I enter my user / pwd and then rather than get to the wp-admin backend instead I just get a 404 page not found error?

    Tried googling the issue but cant find anything that helps. Spent 4 hours today trying to work it out (fyi my coding knowledge and htaccess knowledge is very basic)

    Any suggestions?

  35. Arpit Vimal says:

    Sounds good…that we can change the login address of WordPress blogs.

  36. This is a wonderful article, Given so much info in it, These type of articles keeps the users interest in the website, and keep on sharing more … good luck

  37. Venus says:

    I will definitely change my login URL, that's the reason why I'm reading this post right now. I have Wordfence installed on my WordPress site and it keeps emailing me that there was someone who tried to login using my admin username for 20 times and then, BAM! my site is down with a database error. It takes an hour before it went back, really frustrating.

  38. Rudi Nazar says:

    This very complete and easy to be practiced at all, but I want to ask, if there are free tools out there that can tell us wordpress login URL? I fear that if for example there are such tools, hackers can easily certainly determines the login URL.

  39. M says:

    Better WP Security completely locked me out of my site and made some HORRIBLE changes to my databases that I did not authorise. I would avoid this plugin like the plague!

  40. Can't we just add RewriteRule ^login$ [NC,L] to our htaccess file to do this?

  41. Robinsh says:

    Yesterday I enabled my WP site for anyone to register as a subscriber but what I saw there was more than 100 fake accounts created by the bots and that's why I was searching and found your post to help myself .

  42. Gene says:

    Definitely NOT awesome. Installed and setup without a problem but hours later when I went to log in to my admin panel I'm redirected to a 404 page not found. Great. Now I can't get in my site and have no clue how to fix what this crap broke.

    • Hi Gene. Sorry that you've experienced troubles. Assuming your hosting isn't a conflicting factor here, just SFTP into your site and edit your main .htaccess file. You can delete the lines added by BWP and you should be able to use /wp-login.php again. Once in wp-admin, you can disable the BWP plugin and try another (see previous comments) or just try to setup BWP again. Hope you get it figured out soon.

      • Gene says:

        First and foremost, I apologize for having used horrible manners and not asking for help properly. No excuse for that.

        I did go in to the .htaccess and it was simple enough to fix, have gained full access once again, thank you. Now I wonder, can I completely uninstall the plugin or do I need to restore the backup made just prior to executing Better WP Security?

  43. Ukraina says:

    It's an actual problem to change the default wp-login.
    If the plugin does something wrong – I just may clean up htaccess manually.

  44. marco says:

    I got the plugin working, but when I go the it just redirects me to .nl/wp-login.php.

    What did I do wrong?

  45. I'm confused as to why the developers of WordPress don't implement a system to eliminate more of the threats they've been plagued with for a few years now.

  46. White Label Branding plugin on Codecanyon also allows you to make this change. There's since been a few others that have come along as well.

    Hide my wordpress is pretty sensitive though because if you do the wrong thing, or another plugin blocks its full functionality due to a conflict from their code, you can be locked out of your site.

  47. Oleh says:

    Hello, your antispam plugin ate my comment, don't wanna write it again:/

  48. Mohit says:

    wow that really impressive, now i can change my WP site login url.
    thanks for the tips.

  49. Thanks for sharing this Clifford! I want to know, is there any other plugin available which can help me to change the login URL? As Better WP Security plugin was not working on my site when I was first time tried it. So, any idea?

  50. Tim says:

    After installing Better WP Security everything works well except now my green box doesn't pop up when a client uses my contact form 7. The green box used to confirm that the email was sent successfully. Any thoughts on this? I am receiving the emails.

    • I don't use CF7 personally so I haven't experienced this (and I don't know what green box pop up you're referring to — the submission text?), but a quick Google search indicated to me several reports of the reCAPTCHA possibly having an issue with both of these installed. Have you tried CF7 + BWP active without reCAPTCHA on CF7?

  51. Thanks for sharing such important information. It will help me and my clients as well.

    Many Thanks.

  52. Hi Clifford,

    Actually I had to leave this amazing plugin because it shows 'internal server error' after some hours of installation. I checked with some of the experts like you, they told me that the plugin is not updated which is creating the issue.
    If you can help me on this, I will give another try to this plugin.
    Having said that my host is awardspace (paid basic shared hosting plan).

  53. Almaare says:

    its amazing. definitely try on my wp blogs.. hope it works as it mentioned…

    thumbs up buddy.

  54. Derrick says:

    I did this but it just redirects.

    Is there another step involved or is this method already outdated?


    • Derrick, if you tell me what you input as your settings, what is redirecting, and where it's redirecting to, I might be able to help. However, it's all pretty straight forward since it's all done via the main WordPress installation's .htaccess file. If you ever get "locked out", you could always delete the #BETTER WP SECURITY lines in the file via FTP/SFTP and then the /wp-login.php will work again via direct access. If you figure it out yourself, great. If you need help, comment here, post in the Better WP Security plugin's support forum, or email me from

  55. Installing WordPress from scratch actually allows you to set the username of the first Admin user. It has for several versions.

  56. webmaster says:

    You can change the login URL using a one-liner in the .htaccess file:
    RewriteRule ^login$ [NC,L]

    Changing with your own domain name.

    You would then login at


    • Hi Wil. Directly editing the .htaccess file is possible, but not everyone's comfortable doing that. Plus, the Better WP Security plugin does a lot of other good stuff. Additionally, the goal is to get the login to "move" not just be "redirected to" because that doesn't hide wp-login.php from being directly accessed. For those that wish to use it, though, thanks for the sharing.

  57. Excellent post I'll save this for my wordpress security round up post.

    I think there are a few holes that you mentioned that most webmasters have.

    However, the best security is a good recent backup.
