How To change The Default WordPress Login URL

Customizing your WordPress login URL can enhance the security of your website by reducing the risk of brute-force attacks on the default login URL (wp-login.php or wp-admin). There are a few methods to customize your WordPress login URL, including using plugins, editing the .htaccess file, or adding code to your theme’s functions.php file.

Here’s an overview of these methods:

Using Plugins

The simplest way to customize your login URL is by using a security plugin that includes this feature.

Plugins You Can Use To Change Your WordPress Login URL:

Loginizer: Primarily a security plugin that helps fight against brute force attacks, Loginizer also offers features to change the login URL.
WPS Hide Login: This plugin secures WordPress websites by enabling administrators to change the login form page URL without modifying core files or adding rewrite rules. It works on any WordPress website.
Solid Security (formerly iThemes Security): This WordPress security plugin offers a variety of features to safeguard your website from potential threats and vulnerabilities. It fixes common security issues, adds extra layers of protection, and enhances user credentials.
All In One WP Security & Firewall: This is a comprehensive security plugin that includes a feature to change the WordPress login URL to something custom, thereby enhancing your site’s security.
Wordfence Security: While primarily known for its firewall and malware scanner, Wordfence also offers enhanced login security features, though changing the login URL might not be as straightforward as with some other plugins.
Ultimate Dashboard: A plugin for WordPress designed to simplify and customize the WordPress dashboard interface.

Steps for getting started with the plugin of choice

Install and activate the plugin (e.g., “WPS Hide Login”).
Go to the plugin settings from your WordPress dashboard.
Enter your new login URL in the provided field.
Save the changes. Make sure to bookmark your new login URL or remember it, as the default wp-login.php will no longer work.

Editing the .htaccess File

For a more hands-on approach, you can use rewrite rules in your .htaccess file. This method is more technical and recommended for advanced users:

Backup Your .htaccess File: Before making any changes, it’s crucial to back up your existing .htaccess file. You can do this by downloading the file through an FTP client or the file manager in your hosting control panel and saving a copy on your computer.
Access Your .htaccess File: Use an FTP client or your hosting provider’s file manager to navigate to the root directory of your WordPress installation. This is usually the folder where you’ll find files like wp-config.php.
Edit the .htaccess File: Once you’ve located the .htaccess file, open it for editing. If you’re using a file manager in your hosting control panel, there might be an “Edit” option when you right-click on the file. If you’re using an FTP client, you’ll need to download the file, edit it with a text editor on your computer, and then upload it back to the server.
Add the Custom Rewrite Rule: At the end of the .htaccess file, add the code line noted below, replacing new-login with your desired URL extension.
This code tells the server to internally redirect requests from yourdomain.com/my-secret-login to yourdomain.com/wp-login.php. The [NC,L] flags at the end of the rule stand for “No Case” (making the rule case-insensitive) and “Last” (indicating that this should be the last rule processed if this rule matches).
Save and Upload the .htaccess File: After adding the custom rewrite rule, save the changes to your .htaccess file. If you’re editing the file on your computer, make sure to upload it back to your server in the same location you found it.
Test Your New Login URL: Now, when you navigate to yourdomain.com/my-secret-login, you should be redirected to the WordPress login page. Remember, the actual URL in the browser will still show wp-login.php once the page loads, but users will need to know your custom path (my-secret-login) to get there.

RewriteRule ^new-login$ /wp-login.php [NC,L]

In the example above the code would look like:

RewriteRule ^my-secret-login$ /wp-login.php [NC,L]

Important Notes:

Compatibility: Ensure that your hosting environment supports the use of .htaccess files and mod_rewrite rules (most Apache servers do).
Security: Changing the login URL is a security measure known as “security through obscurity.” It can help reduce the risk of automated attacks but should be part of a broader security strategy.
Accessibility: Make sure you remember your new login URL, as the default wp-login.php and wp-admin paths will no longer work directly.

Using functions.php

You can also add code to your theme’s functions.php file to redirect users to a custom login page. This method requires creating a custom login page and then adding a function to redirect users:

Create a custom login page in WordPress.
Add the following code to your theme’s functions.php file, making sure to replace the URL with your custom login page URL.
Save the changes. This will redirect users from the default login page to your custom login page.

function custom_login_page() {
    $new_login_page_url = home_url('/your-custom-login-page/'); // Change this to the URL of your custom login page
    if( $GLOBALS['pagenow'] === 'wp-login.php' ) {
        wp_redirect($new_login_page_url);
        exit;
    }
}
add_action('init','custom_login_page');

Each method has its pros and cons, so choose the one that best fits your technical comfort level and requirements. Remember to always back up your website before making changes to core files like .htaccess or functions.php.

Don’t hesitate to get in touch with us if you need any help.