WordPress is the most popular content manage system available for publishers. However, the popularity comes with serious security threats as many hackers target WordPress websites. One of the common security problems in using WordPress is the login URL. WordPress assigns the login URL in standard format for all installations. Most people still keep it that way, however, we recommend to change it for security reasons. In this article, we will explain how to change WordPress login URL using different methods.
How to Login to WordPress Dashboard?
Before we go on with how to change the login URL for your website, we need to see how it works by default. Usually, the URL of WordPress site’s admin panel will look like below:
You can type your username or email and then password to login to your site’s dashboard.
After logging in, you will see the redirected admin URL as below:
Why Should You Change Login URL?
As we mentioned, WordPress uses the same format for the login URL for every site, which is in the form of yourwebsite.com/wp-login.php. Changing this URL is one of the best things you can do for your site regarding security. Hackers and automated bots can try to login to your website’s simply by adding “/wp-login.php” after website address. They can easily gain access to your admin panel if you are using weak password. This is called brute force attack which is one of the popular threats for WordPress sites. You can block them by changing the login URL of your site.
In addition, every robot visit to your login page will consume the bandwidth and increase your hosting billing. So changing it to something more challenging will undoubtedly help a lot. Just be sure the new URL is easy for you to remember while making it hard for anyone to guess.
What to Do Before Changing Login URL?
One of the best things you can do for your website when making changes to it is doing a backup. This step is crucial if you plan to change your WordPress login URL using manual method. So in case you make any errors during the process of changing, you will have the backup to restore the site to previous state.
Remember, changing login URL in WordPress may log you out of the admin panel. This may create when you have a caching plugin on your site. Therefore, before changing the URL, write down the permalink and exclude the page from caching in your plugin settings. If you are using W3 Total Cache, check here on how to exclude pages from caching.
How to Change Login URL in WordPress?
We will explain the process with manual method as well as using a plugin. We recommend to go with plugin method to avoid editing files.
How to Change WordPress Login URL with Plugin?
One of the easiest ways and most recommended method is using a plugin. There are quite a few different plugins that can do this for you without worrying.
- First of all, you will need to get a new plugin; for this, you can go to the “Plugins > Add New” section of your WordPress dashboard.
- Search with related terms like “Login URL.”
- You will see various plugins like WPS Hide Login, Loginizer, Wordfence Security – Firewall & Malware Scan, All In One WP Security & Firewall, and more. For this tutorial, we will use WPS Hide Login plugin. Click on the “Install Now” button and then “Activate” to use the plugin on your site.
- After activating the plugin, go to the “Plugins” section on your dashboard, find the WPS Hide Login plugin and then click on “Settings” below it. You can also access the settings by navigating to “Settings > WPS Hide Login” menu.
- On the “Settings” page, you will see some general information about like your website’s title, URL, administration email address, new user default role, language of the site, timezone and time & date format. Below all of them, you will see a section named “WPS Hide Login”.
- You will see two parts and the first one is “Login URL”. Here, you need to type the new URL for login, which in our example is “not-wp-login-php”. The other one is “Redirection URL,” which is used to redirect people who try to access your page with the old “wp-login.php”.
- Click on “Save Changes” button to switch the login URL to the new one.
Testing New Login Page
Since you are already are logged in to your website, you won’t notice the difference. If you want to test, you will need to log out of your account and login using new URL.
- If you try to use the old wp-login.php version, you will get a 404 page not found error as shown below.
Changing Login URL Manually
You can also change the URL manually which is not an advisable method since it comes with significant issues if done wrong. You can change the URL by editing site’s file using File Transfer Protocol (FTP) or using File Manager from hosting account or by through your WordPress dashboard.
- First, locate “wp-login.php” file that will be available on the root of your WordPress installation.
- Open the file for editing.
- Use the search and replace option to change “wp-login.php” to the new URL.
- Save the file and upload back to the server.
- Try to login using the new changed URL.
As for why this method is not advised, you will face issues every time after updating WordPress version. After an update, you will loose the changes and need to login using the default URL.
As you can see, using a plugin is a straightforward method for changing login URL of WordPress site. We recommend you to change the URL to protect from brute force attacks.