Change Your WordPress Login URL

Predrag Zdravkovic

January 30, 2024

Securing your WordPress site goes beyond preference; it’s vital for a resilient website. This guide outlines the significance of changing your WordPress login URL, emphasizing the risks tied to the default pathway, and walks you through the process of changing it yourself.

Why Should You Care About Changing Your WordPress Login URL?

Changing your WordPress login URL matters for one reason: security. The default pathways, like `/wp-login.php` or `/wp-admin/`, are widely known and targeted by automated bots attempting to guess usernames and passwords, resulting in brute-force attacks. This predictability increases vulnerability and exposes your site to automated scans actively searching for vulnerabilities. By altering your default login URL to something unique and less predictable, you strategically safeguard your website, minimizing the risks tied to standard login pathways.

Why Use a Plugin to Change Your WordPress Login URL: Simplifying Security

Plugins stand out as the go-to solution to make this process accessible to a broader audience. They offer a user-friendly interface, quick implementation, reduced risk of errors, additional security features, compatibility assurance, and ease of reversal—making the login URL change accessible to website owners with varying levels of expertise.

User-Friendly Interface:

Plugins provide an intuitive interface that doesn’t require any coding skills. This means even those with limited technical knowledge can seamlessly navigate through the plugin settings. The graphical interface simplifies the entire process, making it accessible to users with varying levels of expertise.

Quick Implementation:

Time is of the essence when it comes to security measures. Plugins expedite the process, allowing anyone to change their login URL with just a few clicks. This swift implementation reduces the time spent on manual coding and editing, making it an efficient solution for website owners.

Reduced Risk of Errors:

For those not well-versed in coding, the risk of errors looms large when manually modifying code. Plugins minimize this risk, ensuring that even users without coding expertise can make changes without the fear of introducing syntax errors or other coding mistakes. This is particularly beneficial for maintaining a stable and error-free website.

Additional Security Features:

Beyond the primary function of changing the login URL, many plugins offer supplementary security features. This might include mechanisms to limit login attempts, enforce strong password policies, or block IP addresses exhibiting suspicious behavior. Choosing a plugin not only addresses URL modification but enhances overall security.

Ease of Reversal:

Flexibility is a key aspect of using plugins. If, for any reason, you need to revert to the default login URL or make further changes, plugins often provide a convenient way to do so through their settings. This ease of reversal ensures that website owners can adapt their security measures without encountering cumbersome processes.

Changing the Login URL with a Plugin

In this example, we’ll be using Melapress Login Security, a plugin that is quite popular with the ManageWP user base.

Step 1: Activate the Plugin

Install and activate the Melapress Login Security plugin from the WordPress Plugin Directory.

Step 2: Change the Login URL

1. Go to “Login Security > Settings” in the WordPress dashboard with the plugin activated.

2. Click “Hide Login Page” to access the URL modification settings.

3. In the “Login page URL” field, enter the new custom login URL you want.

4. Optionally, in the “Old login page URL redirect” field, set a redirect URL for anyone trying to access the old default login URL.

5. Click “Save Changes” to apply the modifications.

Whenever you install a plugin, we recommend following the plugin author’s recommendations and reading the Installation Tips. By following these instructions, you can effectively change both `/wp-login.php` and `/wp-admin/` and come a step closer to fortifying your website.

The view of the administrator page of Melapress Login Security plugin

Will this affect the way I use ManageWP?

If your website has a custom login URL, connecting it to ManageWP might require one additional step, depending on how you choose to connect. The first step is the same, requiring you to fill in your website’s URL. After filling in your website URL, you can choose to establish the connection using your admin login credentials or your ManageWP connection key.

If you opt for admin login credentials, you’ll be prompted to fill in your login slug after filling in the URL. After you do this, you will be prompted to log into your website as if it were the default login URL.

ManageWP Add Website screen showing custom login slug prompt

If you opt for the connection key, you bypass the slug prompt entirely. This ensures a smooth connection process, making it no different from connecting a website with the default login URL.

What Happens If You Change the Login URL After Connecting to ManageWP?

If you change the login URL after the website has already been connected to ManageWP, the connection remains unchanged. There’s no need for intervention of any kind.

Additionally, extensive testing has confirmed the compatibility of most well-known plugins, Melapress included, assuring that changing the login URL using a plugin should not cause any connectivity issues.

In summary, fortifying your WordPress login security by changing your default login URL is a practical and straightforward process we believe everyone should do. Do you agree with us?

author

Predrag Zdravkovic

If you read Alice in Wonderland you might remember him as the majestic caterpillar making yourself question who YOU really are. Unlike his literary twin, he has more than enough patience and sometimes even a kind word or two. Special educator and SLP by design, getting down to the cause of the problem is what he does best.

108 responses

Darnell Jackson

March 1, 2013

Excellent post I’ll save this for my wordpress security round up post.

I think there are a few holes that you mentioned that most webmasters have.

However, the best security is a good recent backup.

Reply
webmaster@limecanvas.com

March 5, 2013

You can change the login URL using a one-liner in the .htaccess file:
RewriteRule ^login$ http://www.mywebsite.com/wp-login.php [NC,L]

Changing mywebsite.com with your own domain name.

You would then login at http://www.mywebsite.com/login

Cheerz,
Wil.

Reply
Toby Brommerich

March 5, 2013

Installing WordPress from scratch actually allows you to set the username of the first Admin user. It has for several versions.

Reply
Derrick

March 12, 2013

I did this but it just redirects.

Is there another step involved or is this method already outdated?

Thnx

Reply
Almaare

April 16, 2013

its amazing. definitely try on my wp blogs.. hope it works as it mentioned…

thumbs up buddy.

Reply
Sudeep Acharya

April 30, 2013

Hi Clifford,

Actually I had to leave this amazing plugin because it shows ‘internal server error’ after some hours of installation,I checked with some of the experts like you,they told me that the plugin is not updated which is creating the issue.
If you can help me on this,I will give another try to this plugin.
Having said that my host is awardspace.(paid basic shared hosting plan)

Reply
Virtual Web Solutions

May 15, 2013

Thanks for sharing such important information. It will help me and my clients as well.

Many Thanks.

Reply
Tim

May 17, 2013

After installing Better WP Security everything works well except now my green box doesn’t pop up when a client uses my contact form 7. The green box used to confirm that the email was sent successfully. Any thoughts on this? I am receiving the emails.

Reply
Akash Deep Satpathi

June 3, 2013

Thanks for sharing this Clifford! I want to know, is there any other plugin available which can help me to change the login URL? As Better WP Security plugin was not working on my site when I was first time tried it. So, any idea?

Reply
Mohit

June 21, 2013

wow that really impressive, now i can change my WP site login url.
thanks for the tips.

Reply
Oleh

June 25, 2013

Hello, your antispam plugin eated my comment, don’t wanna write it again:/

Reply
Mat Riexinger

July 22, 2013

White Label Branding plugin on Codecanyon also allows you to make this change. There’s since been a few others that have come along as well.

Hide my wordpress is pretty sensitive though because if you do the wrong thing, or another plugin blocks it’s full functionality due to a conflict from their code, you can be locked out of your site.

Reply
Mat Riexinger

July 22, 2013

I’m confused as to why the developers of WordPress don’t implement a system to eliminate more of the threats they’ve been plagued with for a few years now.

Reply
marco@mvpromos.nl

July 27, 2013

I got the plugin working, but when I go the site.nl/login it just redirects me to .nl/wp-login.php.

What did I do wrong?

Reply
Ukraina

August 9, 2013

Its actual problem to change defaul wp-login.
If plugin will do something wrong – i just may clean up htaccess manually.

Reply
Gene

August 20, 2013

Definitely NOT awesome. Installed and setup without a problem but hours later when I went to log in to my admin panel I’m redirected to a 404 page not not found. Great. Now I can’t get in my site and have no clue how to fix what this crap broke.

Reply
Robinsh

September 18, 2013

Yesterday I enabled my WP site for anyone to register as a subscriber but what I saw there was more than 100 fake accounts created by the bots and that’s why I was searching and found your post to help myself .

Reply
Hemant Aggarwal

October 3, 2013

Can’t we just add RewriteRule ^login$ http://www.mywebsite.com/wp-login.php [NC,L] to our htaccess file to do this ?

Reply
M

December 4, 2013

Better WP Security completely locked me out of my site and made some HORRIBLE changes to my databases that I did not authorise. I would avoid this plugin like the plague!

Reply
Rudi Nazar

January 1, 2014

This very complete and easy to be practiced at all, but I want to ask, if there are free tools out there that can tell us wordpress login URL? I fear that if for example there are such tools, hackers can easily certainly determines the login URL.

Reply
Venus

February 10, 2014

I will definitely change my login url, that’s the reason why im reading this post right now. i have wordfence installed on my wordpress site and keep emailing me that there was someone who tried to login using my admin username for 20 times nad then, BAM! my site is down with a database error i takes an hour before it went back really frustrating.

Reply
sutopo sasuke

February 18, 2014

This is a wonderful article, Given so much info in it, These type of articles keeps the users interest in the website, and keep on sharing more … good luck

Reply
Arpit Vimal

March 3, 2014

Sounds good…that we can change the login address of WordPress blogs.

Reply
Gregg

March 13, 2014

I use this plugin on my WP multisite installation. However when I hide the back end, that bit works fine and relocates the login page to the slug I have chosen. Its after that is the problem… I enter my user / pwd and then rather than get to the wp-admin backend instead I just get a 404 page not found error?

Tried googling the issue but cant find anything that helps. Spent 4 hours today trying to work it out (fyi my coding knowledge and htaccess knowledge is very basic)

Any suggestions?

Reply
Jasa seo

March 22, 2014

its amazing. definitely try on my wp blogs.. hope it works as it mentioned…

Reply
Khairul Nizam

April 3, 2014

hope it works as it mentioned…thumbs up buddy.

Reply
Abinash Mohanty

April 10, 2014

Thanks for the tips! It worked 🙂

Reply
Imtiaz Ahmed

June 6, 2014

Can you please tell me, will it work on Arvixe VPS? Really amazing post.

Reply
obat pembesar penis

August 27, 2014

You can change the login URL using a one-liner in the

Reply
corvusmile

August 27, 2014

Thanks for making clear how itheme security (former better wp security) changes the log-in URL.
You just save my day.
Thanks.

Reply
Firman Kehilangan

August 29, 2014

i think this tutorial is amazing. I’ve been looking for a way change the name of the admin and this time I found. I’am wordpress user. I will try on my website. Thank you so much.

Reply
Ade

September 30, 2014

This plugin I was looking for, thank you for writing a very helpful awakening my wordpress blog securely.

Reply
t.abrahams001@gmail.com

October 10, 2014

thank you thank you thank you both for manageWP plugin AND for this super helpful solution to redirecting my login to a custom url!!!

Reply
Rio

December 17, 2014

I finally found a tutorial that I was looking for this .. thanks

Reply
Jual mebel jepara

March 17, 2015

i have not to acces login

Reply
harga mobil honda

March 20, 2015

its helping to me to secure my site.

Reply
harga honda mobilio

March 20, 2015

are this plugin its free…

Reply
mallkota

March 26, 2015

nice trick

Reply
Michael

April 5, 2015

Thanks. I wonder if this will cause issues for further updates? i.e. WP core and plugins?

Reply
cira

April 10, 2015

nice one! i would try this to my personel website.. is the plugin free?

Reply
tempat Wisata

June 18, 2015

thankyou for tutorial, I never think about it before…. before I use wp-admin and now I was succes change it… nice information,, I like this post 🙂 Im from indonesia, sorry about spelling..

Reply
Khairul Anwar

August 13, 2015

thank you, this is very helpful and reduce my worries to my web-site

Reply
Mushroomali

August 19, 2015

in this way , my blog more secure

Reply
Mokamula 2016

October 22, 2015

Thanks, now i can login to my wordpress 😀

Reply
Asad Hanif

November 30, 2015

Hey clifford, is there any method to change the whole wp login page code with our custom made code? because someone told me that every wp developers knows the complete structure of wordpress so its very easy to them to hack any wp website. what do u think about this scenario?

Reply
prince mehra

December 5, 2015

Thanks for sharing this valuable information…
I definitely try on my wp blogs

Reply
Vikas Mehra

December 5, 2015

Thanks by using this method i will secure blog

Reply
Baguz

December 12, 2015

This is a good idea to change wp-admin and wp-login url. Because i get many brute force attack in my wp site

Reply
Giovanni

January 8, 2016

Great article but now is call ithemes security and in free version only one login access can change.

Reply
Mohit Chauhan

February 15, 2016

This article was indeed very useful as nobody wants to get there WordPress hacked! I have changed my URL , thanks for letting us know about this wonderful plugin.

Reply
menganti

February 27, 2016

superrr. definitely try on my wp blog

Reply
Larry

March 4, 2016

Recently, I`ve been looking in to adding additional layers of security to my wife`s website (it got pharma hacked) & one of the plugins I looked into was Stealth Login, which is apparently still in business, periodically updated (it was last updated 12 months ago & currently is listed as compatible with WP ver. 3.4.5 or higher), & being used on WP ver. 4.4.10 with no complaints about incompatibility so far. You can go look at “https://wordpress.org/plugins/stealth-login-page/”.

Reply
John

March 9, 2016

I was looking for something to simply change my register and wp-admin links and fell on your article. It’s a very interesting article and enjoyed reading it. I think the plugin is ineterting as well, however the steps that you explain to take after installing fail to mention that the plugin needs the pro version which is a minimum of $80/year and up. So I was a little disspointed to find this out only at the end of reading and installing the plugin simply to change 3 links. So I simply uninstalled it. Would just be nice to mention that beforehand. Otherwise, as I stated above, great article on security.

Wishing you a great day!

Reply
Dean

March 10, 2016

Thanks for your great article. For those who search a bit more, see the WP Hide & Security Enhancer https://wordpress.org/plugins/wp-hide-security-enhancer/ This one completely hide old login urls, all other solutions appear to redirect to a 404 error page which indicate the initial url existence.

Reply
Kat Rostova

March 23, 2016

I locked myself out of my site and started to freak out a bit. I deleted the plugin folder in my control panel through my host and was still locked out. Then I remembered that the plugin asked to modify the htaccess file and so I went in there and found the code it added and removed it. All better again. Maybe I should read this entire article before I mess around with it again. ps. I whitelisted my ip but it just kept saying that the page was not found.

Reply
Peter

April 21, 2016

to all guys who post their website here. Much better you don’t do this because so everyone knows you website now and that you use such kind of plugin.

Reply
aamir saleh

May 6, 2016

Hi Clifford Thanks for such an easy explanation, you are great 🙂

Reply
tekinfom

May 13, 2016

This very complete and straightforward to become practiced in the least, but I‘d like to question, if there will be free tools available which will tell us wordpress login URL? I fear that in case for instance there will be such tools, hackers can easily certainly determines the login URL.

Reply
Sandip Maji

July 5, 2016

Thanks Clifford, it’s really so simple and helpful.

Reply
Abhishek Kumawat

August 17, 2016

Thanks for sharing this plugin.. Its Awesome 🙂

Reply
blog teknologi

August 18, 2016

Hello, your antispam plugin eated my comment, don’t wanna write it again : /

Reply
Mike piter

September 23, 2016

Thank you Clifford Paulick. I am following your posts for some time and every time i get great tips. i already change my admin url but how to change now using my database?

Reply
Robert

October 26, 2016

Hi there,

This seems what I am looking for.
I’m already using Ninjafirewall. Is this plugin compatible or will they bite each other?

Cheers,
Robert

Reply
daryl farahi

November 10, 2016

Thanks for sharing such important information. It will help me and my clients as well.

Many Thanks-Daryl

Reply
travel umroh

December 2, 2016

nice article.
i have try it in my wp site. send me email if you have another like this.
good lucky

Reply
Aysad Kozanoglu

December 14, 2016

Change the following line in files to your changed custom renamed login php file

for example XXADM.php
wp-includes/general-template.php
:line 307
$logout_url = add_query_arg($args, site_url(‘XXADM.php’, ‘login’));

wp-login.php
:line 473
$redirect_to = ‘XXADM.php?loggedout=true’;
:line 897
<form name="loginform" id="loginform" action="” method=”post”>

Reply
Thabiso

January 6, 2017

Hi used this plug-in on my site to change the wp-admin url, now nun of my logins work…please help.

Reply
jer

February 1, 2017

One thing i realized recently was that , if you want to see if a site is wordpress you can just type http://www.example.com/robots.txt
So is it possible to change that also

Reply
Obtenir-plus-prospects-referencement

February 8, 2017

For me, All in one WP Security display a “page not available” error when I try to log in to the new admin url. I tried to change .htaccess name to deactivate it without success, same after reloading a complete ftp backup and it is just after having restored the DB that I have been able to log in again to the admin. Now I activate the cookie based brute force protection but the /wp-admin/ is still available. :/

Reply
Abhishek K R

February 13, 2017

thank you

Reply
nikhil davasam

February 24, 2017

how is wordpress.com login different from /wp-login/

Reply
dating

March 18, 2017

Hey very cool blog!! Guy .. Excellent .. Amazing ..
I’ll bookmark your blog and take the feeds also?

I’m happy to find a lot of helpful information here within the
publish, we’d like work out more strategies on this regard,
thanks for sharing. . . . . .

Reply
Check out my mens club

April 13, 2017

Hi there this is somewhat of off topic but I was wanting to know if blogs use WYSIWYG editors or if you have to manually code with HTML.
I’m starting a blog soon but have no coding skills so I wanted to get guidance from someone with experience.
Any help would be greatly appreciated!

Reply
Jan Atsma

August 2, 2017

This article had run out of time. But WHERE in the current interface of ManageWP one change the login url?

Reply
Bryan

August 16, 2017

But the default way to find the login page for WP developments for attacking purposes is not to try wp-login.php, it’s to try /login. For a while now using /login or /register will redirect you to the appropriate WP pages. If you want to beat the hackers, you should really get up-to-date on how they break into WP sites. The only way to really keep your wp-admin dash secure is to whitelist your IP address, https://www.wpoptimus.com/912/ban-ip-addresses-login-wordpress-dashboard/

Reply
Nirmal Kumar

March 30, 2019

Thanks for the tutorial, Clifford. I will have to change my login URL. I am receiving too many login attempts from bots. It’s my Jetpack plugin blocking all these so far.

Reply
Muideen Samuel

July 16, 2019

Thanks for taking your time to write this article, I installed the plugin but it’s not activating on my blog.
any solution to that?

Reply
Laretue

October 15, 2019

I changed my sites’ login url to decrease uninvited logins but the plugin i used recently stopped working so it got turned to default any good plugin you can suggest?

Reply
Shane

December 9, 2022

I’m a big fan of WordPress but their standard wp-admin login page I agree leaves a lot to be desired in terms of security. Much better to change the URL so plugins like this are a welcome addition to the functionality of the CMS.

Reply