How to Change WordPress Login URL?

If you’ve found yourself searching for ways to change WordPress login URL into Google, you’re in the right place. Changing the default WordPress login URL can significantly enhance the security of your website. It adds an extra layer of protection against unauthorised access and cyber threats.

Safeguarding your website has never been more critical. Imagine waking up to find your WordPress site compromised, your hard work tampered with, or worse, completely hijacked.

Why Change WordPress Login URL?
How to change WordPress login URL?
Additional Security For Your Login Page

In this article, we’ll explore the ways to change the WordPress login URL easily and effectively.

First off, let’s be clear on why changing WordPress URL is a necessity.

The default login URL for WordPress (which generally is ’yourwebsite.com/wp-admin or wp-login.php’) is commonly known to those who are familiar with WordPress and more to those who are looking for unauthorised access and malicious attacks.

You might think then what? They still require a login ID and password. But this is about keeping the attackers from knowing where to start. There are brute force attacks where hackers attempt to gain access by trying multiple username and password combinations. Not to mention, your password and username might be on the leaked or pawned lists and it’s now easier to get your usernames and passwords.

Simply put, unauthorised people including hackers and attackers should not be able to access your login page. Changing the login URL adds an additional barrier, making it harder for unauthorised users to find and access the login page. Now let’s get started on the ways to change the URL.

Generally, there are two methods to change the WordPress login URL: using a plugin or manually editing the website files which do not require the plugins. If you are looking for easier ways utilising plugins, feel free to jump into the section ‘How to change WordPress login URL with plugin?’ below.

Changing WordPress login URL manually requires you to edit some of the core website files and may not be straightforward for all of us.

You can change the WordPress login URL manually by editing specific files on your website. This method requires a bit more technical knowledge but provides complete control over the process.

Note: We recommend taking backup of the website before doing this. See our list of backup plugins and guide on our blog –Best WordPress backup plugins. In case anything is missed or miscalculated, you might end up being locked out of your own website. Also, remember the new login URL and store it safely.

Edit wp-login.php File

To change your WordPress login URL by editing your wp-login.php file, follow the steps below. This method renames the WordPress login file and replaces every instance where this might be referred in your code.

Access your root directory through FTP or any other methods, locate the wp-login.php file and download it.
Now you are going to find all wp-login.php references in this file and change it to your custom login URL. For example, replacing all ‘wp-login’ with ’mysitelogin’ means that you are planning to use yoursite.com/mysitelogin.php as your login URL.
After replacing the wp-login.php with your desired name, save the changes to the file. Then, change the file name of wp-login to the same name which in the above example is ’mysitelogin.php’.
Upload the file to your root directory
You will also need to make changes to your functions.php file of your theme for this. For this, add the code below and save the file. Remember, I’ve used mysitelogin.php as your custom URL and filename instead of wp-login.php.

add_filter( ‘login_url’, ‘custom_login_url’, PHP_INT_MAX );

function custom_login_url( $login_url ) {

$login_url = site_url( mysitelogin.php’, ‘login’ );

return $login_url;

}

Now, delete the wp-login.php file in the root directory.

Changing your WordPress login URL with a plugin is fairly easy. There are numerous plugins available (for free too) that will help you change the WordPress login URL and we’ll try to do this with ‘WPS Hide Login’. This plugin will basically change your wp-login.php to anything you want.

For this, follow the steps below:

First, install and activate the WPS Hide Login plugin.
Once activated, go to WP Admin > Settings > WPS Hide Login which will take you to the plugin setting page.
In the plugin settings, locate the option to change the login URL and enter your desired custom URL.
Save Changes: Save the changes, and the plugin will automatically update the login URL.

Note: Please be aware that installing the plugin, your login URL might be automatically changed to yourwebsite.com/login by default. The process is similar for all plugins.

While changing login URL is one method it is not completely reliable. You may want to consider implementing measures to lock your WordPress login URL, making it accessible only to authorised users. This can be done through various methods, such as IP restrictions or password protection, adding an extra layer of security to your login page. Some of the WordPress plugins also allow you to do this.

Two-factor authentication (2FA) adds an additional layer of security by requiring users to provide another form of identification before gaining access to their accounts. Setting up 2FA for your WordPress login page can greatly reduce the risk of unauthorised access, even if login credentials are compromised. This can be done by using the WordFence security plugin.

Implement Captcha

Integrating Captcha verification into your login page can help block automated bots and malicious scripts from attempting to gain unauthorised access. By requiring users to complete a simple Captcha challenge, you can ensure that only legitimate users are able to log in to your WordPress site.

Limiting the number of login attempts allowed within a certain time frame can help prevent brute force attacks on your WordPress login page. By setting a maximum threshold for failed login attempts, you can thwart automated scripts from guessing login credentials and gaining unauthorised access.

Whitelist IP Addresses

Consider whitelisting specific IP addresses that are allowed to access your WordPress login page. This approach restricts access to only trusted devices or networks, adding an extra layer of security to your login process. Any unrecognised IP address will not be able to login to your WordPress backend.

Another important step is to monitor WordPress activity logs including login attempts and site activities regularly. This can help you keep track of login attempts, you can quickly identify and respond to any suspicious behaviour, safeguarding your WordPress site.

Need more insights to make your website secure? Read our comprehensive blog WordPress Maintenance Guide.

If you need help in implementing these security measures or need technical support, we also provide WordPress Maintenance Services in Australia .

Updated on: 2 April 2024 |

WordPress Security

Sazjan Neupane

Sazjan helps us reach our dream clients with his expertise in Search Engine Optimisation, PPC, Project Management & Online Business Development. He has worked with a variety of clients in different industries over the last 5 years. In his free time, Sazjan enjoys traveling and exploring new cultures.

How to Change WordPress Login URL?