Address
171 Starring way
Littleborough, OL15 8RE, UK
Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
Changing your WordPress admin URL is an essential step to enhance the security of your website. By default, WordPress uses a common login URL (e.g., example.com/wp-admin
or example.com/wp-login.php
), making it an easy target for hackers and automated brute-force attacks. This guide explains the importance of changing your WordPress admin URL, provides step-by-step instructions for two reliable methods, and offers additional tips to maintain security.
Below, we’ll cover two methods to change your WordPress admin URL: using a plugin and editing the .htaccess
file.
This is the easiest and safest method for non-technical users. By using a plugin, you can change the admin URL without modifying core files or writing code.
Log in to your WordPress dashboard.
Go to Plugins > Add New
Plugin
Install and activate the plugin.
After activation, go to the plugin’s settings.
Navigate to Settings > General
and scroll down to the WPS Hide Login section.
Enter your desired custom login URL (e.g., example.com/mylogin
).
Make sure to add the correct 404 error page URL.
Click Save Changes to apply the new URL. The default login URLs (wp-admin
and wp-login.php
) will now redirect to your custom login URL.
Keep the new URL private and bookmark it for easy access. If you forget the new URL, you’ll need to access your site files via FTP to disable the plugin.
.htaccess
File (Advanced)For users comfortable with modifying WordPress files, editing the .htaccess
file is a robust way to change your admin URL. This method uses custom rewrite rules to restrict access to the default login page and redirect users to a new URL.
.htaccess
FileThe .htaccess
file is located in the root directory of your WordPress installation (usually public_html
). To access it:
public_html
).3. Enable Hidden Files
.htaccess
file is a hidden file. Ensure that your FTP client or File Manager is configured to show hidden files..htaccess
File.htaccess
file using a text editor or your hosting’s file editor..htaccess
file:<IfModule mod_rewrite.c>
RewriteEngine On
# Allow access to wp-login.php only if the referer is from new-login
RewriteCond %{REQUEST_URI} ^/wp-login.php$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example.com/new-login [NC]
RewriteRule ^ - [F,L]
# Custom login URL for new-login
RewriteRule ^new-login$ wp-login.php [QSA,L]
</IfModule>
4. Customize the Code
– Replace new-login
with your desired custom login slug (e.g., secure-login
).
– Replace example.com
with your site’s domain name (e.g., mysite.com
).
5. Save the Changes
– Save the .htaccess
file and close the editor.
6. Test Your Custom URL
– Visit your new login URL (e.g., example.com/new-login
) to confirm it works.
– Attempt to access the default wp-login.php
URL to ensure it is now inaccessible.
RewriteEngine On
ensures that the .htaccess
file can process URL rewrites.RewriteCond %{REQUEST_URI} ^/wp-login.php$
matches requests to the default login page.RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example.com/new-login [NC]
allows access to wp-login.php
only if the user comes from the custom login URL.RewriteRule ^ - [F,L]
blocks access to wp-login.php
if the conditions aren’t met.RewriteRule ^new-login$ wp-login.php [QSA,L]
maps the custom login URL to the WordPress login page.Pro Tip: For comprehensive support, regular updates, and advanced security measures, explore our WordPress Maintenance Services to keep your site secure and running smoothly.
Changing your WordPress admin URL is a crucial step to enhance your site’s security. For beginners, using a plugin like WPS Hide Login provides a simple and effective solution. Advanced users can opt for the .htaccess
method to gain greater control over URL behavior. Regardless of the method you choose, always combine it with strong passwords, 2FA, and other security practices to safeguard your website from unauthorized access.