Address
171 Starring way
Littleborough, OL15 8RE, UK

Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM

Multi-step
  • Project Overview
  • Project Details
  • Contact Information
Change Wordpress admin URL

How to Change WordPress Admin URL: A Step-by-Step Guide

Home / Wordpress / How to Change WordPress Admin URL: A Step-by-Step Guide

Changing your WordPress admin URL is an essential step to enhance the security of your website. By default, WordPress uses a common login URL (e.g., example.com/wp-admin or example.com/wp-login.php), making it an easy target for hackers and automated brute-force attacks. This guide explains the importance of changing your WordPress admin URL, provides step-by-step instructions for two reliable methods, and offers additional tips to maintain security.

Why Changing WordPress Admin URL Is Crucial for Security

  1. Protection Against Brute-Force Attacks
    Hackers often use automated bots to target the default WordPress login page, attempting to guess usernames and passwords. By changing the admin URL, you make it significantly harder for unauthorized users to even locate your login page.
  2. Reduce Server Load
    Repeated login attempts from bots can slow down your website and consume server resources. A hidden login URL ensures bots are unable to find the page, helping to improve site performance.
  3. Add an Extra Layer of Security
    While changing the admin URL isn’t a complete security solution, it complements other measures like strong passwords, two-factor authentication (2FA), and limiting login attempts. This step deters attackers by adding a layer of obscurity to your website.
  4. Limit Unauthorized Access
    By changing the login URL and keeping it private, only authorized users who know the custom URL can attempt to log in, reducing the risk of unauthorized access.

How to Change WordPress Admin URL

Below, we’ll cover two methods to change your WordPress admin URL: using a plugin and editing the .htaccess file.

Method 1: Using a Plugin (Beginner-Friendly)

This is the easiest and safest method for non-technical users. By using a plugin, you can change the admin URL without modifying core files or writing code.

  1. Install WPS Hide Login Plugin

    Log in to your WordPress dashboard.
    Go to Plugins > Add New Plugin

    Wordpress dashboard, add new plugin

  2. Search for WPS Hide Login.

    Install and activate the plugin.

    Searching for WPS Hide Login

  3. Configure the Admin URL

    After activation, go to the plugin’s settings.
    Navigate to Settings > General and scroll down to the WPS Hide Login section.
    Enter your desired custom login URL (e.g., example.com/mylogin).
    Make sure to add the correct 404 error page URL.

    Configuring WPS Hide Login Settings

  4. Save Changes

    Click Save Changes to apply the new URL. The default login URLs (wp-admin and wp-login.php) will now redirect to your custom login URL.

  5. Bookmark Your New URL

    Keep the new URL private and bookmark it for easy access. If you forget the new URL, you’ll need to access your site files via FTP to disable the plugin.

Why Use This Method?

  • No coding required.
  • Easy to set up and reverse.
  • Compatible with most WordPress setups.

Method 2: Editing the .htaccess File (Advanced)

For users comfortable with modifying WordPress files, editing the .htaccess file is a robust way to change your admin URL. This method uses custom rewrite rules to restrict access to the default login page and redirect users to a new URL.

Accessing the .htaccess File

The .htaccess file is located in the root directory of your WordPress installation (usually public_html). To access it:

  1. Use an FTP Client
    • Download an FTP client like FileZilla and connect to your website using your FTP credentials.
    • Navigate to the root directory (public_html).
  2. Use Your Hosting File Manager
    • Log in to your hosting account (e.g., cPanel, Plesk).
    • Open the File Manager and navigate to the root directory.

3. Enable Hidden Files

  • The .htaccess file is a hidden file. Ensure that your FTP client or File Manager is configured to show hidden files.

Step-by-Step Instructions

  1. Backup Your Website
    Before making any changes, create a full backup of your site, including files and the database. This ensures you can restore your site if something goes wrong.
  2. Open the .htaccess File
    Open the .htaccess file using a text editor or your hosting’s file editor.
  3. Add the Rewrite Code
    Paste the following code at the very beginning of the .htaccess file:
<IfModule mod_rewrite.c>
  RewriteEngine On

  # Allow access to wp-login.php only if the referer is from new-login
  RewriteCond %{REQUEST_URI} ^/wp-login.php$
  RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example.com/new-login [NC]
  RewriteRule ^ - [F,L]

  # Custom login URL for new-login
  RewriteRule ^new-login$ wp-login.php [QSA,L]
</IfModule>

4. Customize the Code
– Replace new-login with your desired custom login slug (e.g., secure-login).
– Replace example.com with your site’s domain name (e.g., mysite.com).

5. Save the Changes
– Save the .htaccess file and close the editor.

6. Test Your Custom URL
– Visit your new login URL (e.g., example.com/new-login) to confirm it works.
– Attempt to access the default wp-login.php URL to ensure it is now inaccessible.

Code Explanation

  • Enable Rewrite Engine
    The line RewriteEngine On ensures that the .htaccess file can process URL rewrites.
  • Restrict Access to wp-login.php
    • RewriteCond %{REQUEST_URI} ^/wp-login.php$ matches requests to the default login page.
    • RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example.com/new-login [NC] allows access to wp-login.php only if the user comes from the custom login URL.
    • RewriteRule ^ - [F,L] blocks access to wp-login.php if the conditions aren’t met.
  • Custom Login URL
    The line RewriteRule ^new-login$ wp-login.php [QSA,L] maps the custom login URL to the WordPress login page.

Additional Security Tips

  1. Use Strong Passwords
    Ensure all admin users have strong, unique passwords.
  2. Enable Two-Factor Authentication (2FA)
    Add an extra layer of security by requiring a verification code during login. Plugins like Google Authenticator can help.
  3. Limit Login Attempts
    Prevent brute-force attacks by limiting the number of login attempts with plugins like Limit Login Attempts Reloaded.
  4. Keep the Custom URL Private
    Share the custom URL only with authorized users.

Pro Tip: For comprehensive support, regular updates, and advanced security measures, explore our WordPress Maintenance Services to keep your site secure and running smoothly.

Conclusion

Changing your WordPress admin URL is a crucial step to enhance your site’s security. For beginners, using a plugin like WPS Hide Login provides a simple and effective solution. Advanced users can opt for the .htaccess method to gain greater control over URL behavior. Regardless of the method you choose, always combine it with strong passwords, 2FA, and other security practices to safeguard your website from unauthorized access.