How to Change WordPress Login URL for Extra Security

change wordpress login URL

When you are working with WordPress there are always security concerns. To be honest, with WordPress being so popular and used by so many people with all sorts of plugins it has tons of security vulnerabilities. Being obsessed with web performance I am not a huge fan of bloated security plugins like WordFence. Instead I choose to make small little tweaks, like my WordPress login URL. It is one of the easiest ways to crack down on security breaches. See the free plugin below that I use to change my WordPress login URL.

How to Change WordPress Login URL

By default WordPress uses /wp-admin/ for your login URL. The problem with this is that bots, hackers, etc. all scan for these when looking for vulnerabilities and entry points into your site. On one of my sites I had 700+ failed attempts per day trying to gain access to my site.

default wordpress login URL

Follow the steps below to install and configure the free plugin I use to change my WordPress login URL to something unique. This wiped out pretty much 99% of all those attempts.

Step 1

In your WordPress dashboard click into “Plugins” and “Add New.”

wordpress plugins add new

Step 2

Search for “WPS Hide Login” and click on “Install Now.” You can also download WPS Hide Login from the WordPress repository. Best thing about this plugin is that it is super lightweight and doesn’t require modifications to your .htaccess file. It simply intercepts page requests and rewrites them.

wps hide login

Step 3

Click on “Activate Plugin.”

activate hide login url

Step 4

Under “Settings” click into “General.”

wordpress settings general

Step 5

Scroll down to the bottom of the page and you will see a new “Login URL” field. Input something creative that you can both remember and nobody will be able to guess. I like to have a little fun with mine. You can always bookmark the new login URL as well. Then press “Save Changes.”

change wordpress login url

The next time you login you will need to use your new login URL in your browser.

wordpress login URL

I have used this plugin for 6+ months on all my sites and never had a single issue with it. If you do have any problems, simple delete the plugin from your server and you can then use your original /wp-admin/ URL again. This plugin is now on my toolbox page as something I always recommend installing. If this short little “How to Change WordPress Login URL” tutorial was helpful, please let me know below!

GET MORE STUFF LIKE THIS

Marketing, WordPress, Blogging Tips, SEO and Reviews, once a week.

Thank you for subscribing.

Something went wrong.

12 thoughts on “How to Change WordPress Login URL for Extra Security

  1. Thanks for the post. Great tip! I’ve found my site has been a bit slow, could this be because of Wordfence? I’m keen to improve site speed but I’m reluctant to remove WF as it’s such a highly rated plugin.

    • Hi Kate, according to the plugin page description… “Works with multisite, but not tested with subdomains. Activating it for a network allows you to set a networkwide default. Individual sites can still rename their login page to something else.”

      I don’t have any multisite setups at the moment, so you might want to test first.

  2. Hi Brain, An SEO person told me once that hiding your login URL can have a significant detrimental affect on SEO – your thoughts, and is this true in any way even if exaggerated.

    • Lol, I hope your joking Paul. That is a complete and outright lie. Whoever that SEO person is should not be doing SEO. Your login URL has nothing to do with Google indexing the content of your pages/posts in SERPs. Let me know if you want me to explain more, but that is completely not true.

    • Hmm that is strange. Maybe post a ticket on WordPress support forum for the developer. I have used this on quite a few different servers and never had issues. Maybe the dev can help you.

  3. Indeed an amazing piece of suggestion you have provided. Worked like charm. One small query is: Is there anyway that i can show as ‘error 404 / page not found’ or so rather than showing ‘This has been disabled’.

Leave a Comment

365 Shares
Tweet
Share
Share
Buffer