Looking for a way to change WordPress login URL to secure your WordPress site and keep hackers away from your login page?
By default, WordPress uses yourwebsite.com/wp-admin or yourwebsite.com/wp-login as the site’s login URL. Although it is easy to remember the default login URL of wordpress, the problem is that the default login URL is known by everyone, they can just add /wp-admin to your web address and see your login page.
So to solve this problem in WordPress, you can change the default login URL to a custom one, making it harder for hackers and malicious bots to gain access to your site login page.
In this guide, you will learn the importance of changing the default login URL then I will show you a recommended and easy method for changing your WordPress admin login URL using the WPS Hide plugin. For more advanced users, I will also explain how to change it using the wp-login.php file and by making adjustments to the .htaccess file.
Importance of Changing WordPress Login URL
Changing login URL in wordpress is so important to secure your website from unauthorized users and from spam bots. I will explain the importance of changing the wordpress admin login URL with a very relatable example:
Protection Against Unauthorized Entry: Think of your website as your home, and the login page as the front door. By default, WordPress uses common login URLs that are like leaving your front door unlocked. Changing the login URL is like getting a unique key to your front door. It keeps out unwanted guests, like hackers and bots, who might try to break in.
If you ever find yourself unable to access your login page, you can resolve the issue by following our guide on fixing can’t access my wp-admin page.
Boosting Security: When you have a unique login URL, it’s like having an extra lock on your front door. It adds another layer of security to your site. This deters bad actors from even trying to break into your site using methods like guessing passwords over and over.
Keeping Brute Force Attacks at Bay: Have you heard of ‘brute force attacks’? It’s like someone trying every possible key to open your front door. Changing your login URL means they can’t even find your door to try all those keys, making your site much safer.
Safeguarding Sensitive Data: Imagine your website is like a treasure chest, filled with valuable information. Changing your login URL is like placing a strong lock on that chest, protecting your treasures from being stolen by online pirates.
Preventing Malware Injections: Have you ever heard of online bugs called “malware”? They’re like sneaky digital germs that can infect your website. When you change your login URL, it’s like putting up a strong shield around your front door. This makes it really tough for those bugs to find a way in and cause any harm to your site.
I am certain you loved the explanation and the example I gave you for understanding the importance of changing the login URL in WordPress. So, now let’s get started on changing the login URL.
1) Change WordPress Login URL with Plugin
I usually prefer a method that doesn’t involve using a plugin for advanced users, for small tweaks and customization in WordPress. As many plugins on the website affect its loading speed.
On the other hand, I usually recommend using a plugin for novice users because it simplifies the process. However, for changing the WordPress login URL, I would recommend the plugin method for both advanced and novice users.
The reason for this recommendation is that if you make a mistake while changing the login URL without a plugin, you might end up locked out of your WordPress site.
Re-gaining access without coding knowledge can be quite challenging. Even for advanced users, who can manually change the login URL in WordPress core files, there’s a potential issue.
Whenever you update your WordPress installation, there’s a chance that the settings may revert to the default, exposing your site to potential security risks through the default URL.
To learn how to fix WordPress updating issues, check out this helpful guide on how to fix WordPress updating or publishing failed errors.
So that’s why I recommend using the plugin method for changing your WordPress admin URL for both novice and advanced users. However, if you’re a curious enthusiast and want to explore further, you can certainly consider the alternative methods as well.
So let’s get started on changing the login URL using a plugin.
Changing WordPress Login URL Using WPS Hide Login
WPS Hide Login is a popular and regularly updated plugin for changing the WordPress login URL.
Before you install and activate it, make sure to backup your website. Then go to Plugins > Add New and search for WPS Hide Login.
After installing it, go to Settings > WPS Hide Login. You will see two fields: “Login URL” and “Redirection URL”. In the “Login URL” field, you can enter any text you want as your new login URL. Remember it well, because if you forget it, you will not be able to access your site login page.
For this tutorial, I am using “securelogin” as an example. You can use any text, but avoid using “admin” or your site domain name. Make it unique and hard to guess. In the “Redirection URL” field, you can enter the permalink of the page that you want to show to the users who access the wrong login page. You can leave it as default if you want.
Note: Once you save the changes in the WPS Hide Login plugin, you will be automatically logged out from your site. To log in again, you have to use the custom URL that you just created.
Changing WordPress Login Page Using Change WP Admin Login
Change WP Admin Login is another plugin that you can use to change the WordPress login URL. This plugin is lightweight and simple. It only changes the login URL and does not have any other features.
To use this plugin, you need to install and activate it first. Then go to WordPress Settings > Permalink and find the settings for this plugin.
In the first field, which is Login URL, enter the new login URL that you want to use. Remember it well, because if you lose it, you will not be able to access your login page, and you will have to manually delete the plugin from the WordPress file by using cPanel or FTP to regain access to your site.
In the second field, which is the Redirect URL, you can enter the custom page that you want to show to the users who enter the wrong login URL. Or you can leave it blank and the users will be redirected to the homepage.
After using the plugin method to change the login URL, let’s see how we can do it manually with code in the next method. This is for my readers who are tech geeks and like to play with code.
2) Change WordPress Login URL Without Plugin
I have already recommended using a plugin to change the login URL of your site, but if you prefer coding, then I will show you how to modify your wp-login.php file and add code to your .htaccess file to change your WordPress admin login URL programmatically.
Changing WordPress Login URL By Modifying WP-Login.PHP File
To access your site’s wp-login.php file, go to your file manager from cPanel or FTP and locate the file in the public_html folder.
Download the file and open it in any IDE (I am using Visual Studio IDE here). Press Ctrl + F and paste this line in the search to find your wordpress login URL.
<form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
Replace ‘wp-login.php’ with your custom login URL. For example, if you want “wp-webtalkhub” as your custom login URL then the line should look like this:
<form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-webtalkhub', 'login_post' ) ); ?>" method="post">
Save the login.php file with the same name as your new URL which is wp-webtalkhub and upload it back to your server.
As WordPress uses wp-login.php to log out users by default. To change this, use the logout_url and lostpassword_url filter hooks. These hooks let you change the logout and lost password URLs on the login form.
Copy and paste this code into your theme’s functions.php file. Replace “wp-webtalkhub” with your custom login URL in the code. This code will log out users and send them to your new login page.
// Filter & Function to rename the WordPress logout URL
add_filter( 'logout_url', 'my_logout_page', 10, 2 );
function my_logout_page( $logout_url) {
return home_url( '/wp-webtalkhub.php'); // The name of your new login file
}
// Filter & Function to rename Lost Password URL
add_filter( 'lostpassword_url', 'my_lost_password_page', 10, 2 );
function my_lost_password_page( $lostpassword_url ) {
return home_url( '/wp-webtalkhub.php?action=lostpassword'); // The name of your new login file
}
You can edit your functions.php file from WordPress dashboard by going to Appearance > Theme File Editor > functions.php.
Or you can edit it using cPanel or FTP by going to public_html > wp-content > theme > active theme> functions.php.
The active theme is the theme you have enabled on your site. Save the file after adding the code. Now you can access your site from the new custom URL.
Once you access the site from the new URL successfully you can now delete the old wp-login.php file from your server.
Tip: I recommend using the code snippet plugin to add the hook instead of editing functions.php directly. This way, you won’t lose the code if the theme is updated.
Changing WordPress Login URL By Adding Code to .htaccess File
Changing the website’s login URL using the .htaccess method may seem a bit complex, but I will simplify it for you to follow easily. It’s crucial to pay close attention to each step because even a small mistake can prevent the code from working correctly and might lock you out of your site.
Begin by accessing your File Manager via FTP or cPanel. Once you’re in the root folder (public_html), locate the “wp-login.php” file.
Right-click on the “wp-login.php” file and rename it to any text of your choice. For this tutorial, I’m renaming it to “login321” and save the changes.
Now, find your .htaccess file and edit it. Add the following line of code at the beginning of the .htaccess file:
RewriteRule ^banana$ https://example.com/login321.php [NC,L]
Remember to replace “example.com” with your own domain name and “login321” with the text you used to rename the “wp-login.php” page, “banana” to any text of your choice as this will be now your new login URLso rename it to something you remember.
Now, when you want to log in, you’ll need to type “example.com/banana,” which will redirect you to your login page.
This way, only you will know your login URL. Also, hackers and malicious bots will not be able to access your wp-login.php file directly because we renamed it from the default one.
FAQ(Change WordPress Login URL)
Below are some most common FAQs related to changing WordPress login URL.
How to change WordPress login URL without a plugin?
Changing your WordPress login URL without a plugin can be done as follows:
- Access Your File Manager: Use FTP or cPanel to locate your ‘wp-login.php’ file in the root folder (public_html).
- Rename ‘wp-login.php’: Right-click and rename it to your chosen text (e.g., ‘login123’).
- Edit .htaccess: Open the .htaccess file and add this code at the beginning: RewriteRule ^new-login$ https://yourdomain.com/login123.php [NC,L].
- Custom Login URL: Your new login URL is now ‘yourdomain.com/new-login.’ (You can also change ‘new-login’ to your choice of text). This secures your wordpress login page effectively.
How do I Create a Custom Login URL in WordPress?
To create a custom login URL in WordPress, follow the steps below:
- Backup your website.
- Install and activate WPS Hide Login.
- Go to Settings > WPS Hide Login.
- In the “Login URL,” field set a unique text as your new login URL (e.g., “securelogin”).
- Avoid using “admin” or your domain name as a new custom URL
- In “Redirection URL,” set the page to show if users access the wrong login page.
- That’s it you created a Custom login URL.
Are there any risks in changing the WordPress login URL?
Yes, there are risks, such as potentially locking yourself out if you forget the new URL. Also, WordPress updates could reset the URL. For manual changes, errors are possible. To minimize risks, back up your site, document the new URL, and consider using a plugin for a safer approach.
Conclusion
To sum up, changing the default WordPress URL is a precautionary step to protect your site from hackers. You can easily change your WordPress login URL by using a plugin or coding. Both methods are explained in this guide with simple steps.
Remember, the default login URL is not secure and can be exploited by malicious attackers. By changing it, you can increase your site’s security and prevent unauthorized access.
Hopefully, after reading this article, you will be able to change your wordpress login URL and make it secure still have any questions regarding changing the default wordpress login URL then you can ask me via comment I will be happy to assist you
